Hi Eric -

Eric Paris wrote:
> So there are 2 overarching problems this patch set it attempting to
> solve or make later solutions easier.  
> 
> 1) NFS uses binary mount data (for both normal and nohide/referral
> mounts) which currently SELinux attempts to understand and use.  This
> was declared a layering issue, no security module should have FS
> specific data structure knowledge.  (Instead we have to put security
> module specific knowledge into the FS since the FS 'owns' the mount
> data, see below)

Please take a look at the string-ified NFS mount patches that are going 
into 2.6.23.  In the future we want to pass mount options for NFS mounts 
via a C string instead of a binary blob.  If nothing else, it will 
affect your changes to fs/nfs/super.c.