From: Alexey Dobriyan
Subject: Re: [PATCH] Introduce new LSM hooks where vfsmount is available.
Date: Tue, 23 Sep 2008 19:20:53 +0400
Message-ID: <20080923152053.GA6622@x200.localdomain>
To: Stephen Smalley
Cc: david@lang.hm, James Morris, Kentaro Takeda, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Toshiharu Harada

On Tue, Sep 23, 2008 at 11:02:47AM -0400, Stephen Smalley wrote:
>
> On Mon, 2008-09-22 at 23:12 -0700, david@lang.hm wrote:
> > On Tue, 23 Sep 2008, James Morris wrote:
> >
> > > On Wed, 17 Sep 2008, Kentaro Takeda wrote:
> > >
> > >> TOMOYO Linux needs method for calculating pathname in LSM module.
> > >> However, we have received comment from Al Viro, the vfs maintainer,
> > >> that adding vfsmount parameter to vfs helper functions (and LSM hooks)
> > >> is not preferable. We have asked some people (including Al), and we
> > >> came back to the most straightforward approach; adding new LSM hooks
> > >> where vfsmount is available.
> > >>
> > >> The attached patch introduces several new LSM hooks TOMOYO Linux
> > >> needs. It has less impact to existing LSM module and no impact to vfs
> > >> helper functions. Please review it.
> > >
> > > I don't see any technical errors in this patch.
> > >
> > > If it is going to be merged, please make a new config option for
> > > path-based hooks (similar to that for the network hooks), so they can be
> > > compiled out.

Another pointless config option.

It's actually pretty surprising that SECURITY_NETWORK is a) user-visible
and b) is not SECURITY && NET. Same for SECURITY_NETWORK_XFRM.