Re: [RFC] vfs: security: Parse dev_name before calling security_sb_mount
From: Song Liu
Date: Fri Jul 11 2025 - 19:10:51 EST
> On Jul 11, 2025, at 2:36 AM, Christian Brauner <brauner@xxxxxxxxxx> wrote:
>
> On Thu, Jul 10, 2025 at 05:00:18PM +0000, Song Liu wrote:
>>
>>
>>> On Jul 10, 2025, at 4:46 AM, Christian Brauner <brauner@xxxxxxxxxx> wrote:
>>
>> [...]
>>
>>>> Right now, we have security_sb_mount and security_move_mount, for
>>>> syscall “mount” and “move_mount” respectively. This is confusing
>>>> because we can also do move mount with syscall “mount”. How about
>>>> we create 5 different security hooks:
>>>>
>>>> security_bind_mount
>>>> security_new_mount
>>>> security_reconfigure_mount
>>>> security_remount
>>>> security_change_type_mount
>>>>
>>>> and remove security_sb_mount. After this, we will have 6 hooks for
>>>> each type of mount (the 5 above plus security_move_mount).
>>>
>>> I've multiple times pointed out that the current mount security hooks
>>> aren't working and basically everything in the new mount api is
>>> unsupervised from an LSM perspective.
>>
>> To make sure I understand the comment. By “new mount api”, do you mean
>> the code path under do_new_mount()?
>
> fsopen()
> fsconfig()
> fsmount()
> open_tree()
> open_tree_attr()
> move_mount()
> statmount()
> listmount()
>
> I think that's all.

Reading the code, I think we also need to cover fspick.

Thanks,
Song
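
Added example, not part of the original message or of the kernel source: a userspace C sketch of how the single flags word of mount(2) selects one of the six operation types discussed above, following the precedence order of path_mount() in fs/namespace.c. The enum labels, function name and sample flag words are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <sys/mount.h>

/* Hypothetical labels for this example: the six operation types named in
 * the thread. They are not an existing kernel enum. */
enum mount_op { OP_RECONFIGURE, OP_REMOUNT, OP_BIND, OP_CHANGE_TYPE, OP_MOVE, OP_NEW };

static const char *const op_name[] = {
    "reconfigure", "remount", "bind", "change_type", "move", "new"
};

/* Classify mount(2) flags in the precedence order of path_mount(). */
enum mount_op classify_mount_flags(unsigned long flags)
{
    /* Legacy callers put the 0xC0ED magic in the top 16 bits; drop it. */
    if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
        flags &= ~MS_MGC_MSK;
    if ((flags & (MS_REMOUNT | MS_BIND)) == (MS_REMOUNT | MS_BIND))
        return OP_RECONFIGURE;          /* per-mount flags only */
    if (flags & MS_REMOUNT)
        return OP_REMOUNT;              /* superblock options */
    if (flags & MS_BIND)
        return OP_BIND;
    if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
        return OP_CHANGE_TYPE;          /* propagation type */
    if (flags & MS_MOVE)
        return OP_MOVE;                 /* move an existing mount via mount(2) */
    return OP_NEW;
}

int main(void)
{
    /* Constructed sample flag words, e.g. as they might appear in an audit record. */
    const unsigned long samples[] = {
        MS_RDONLY | MS_NOSUID, MS_BIND | MS_REC, MS_REMOUNT | MS_BIND | MS_RDONLY,
        MS_REMOUNT | MS_RDONLY, MS_PRIVATE | MS_REC, MS_MGC_VAL | MS_MOVE,
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("0x%08lx -> %s\n", samples[i], op_name[classify_mount_flags(samples[i])]);
    return 0;
}
```

Because the checks run in a fixed order, a flags word that sets both MS_BIND and MS_MOVE is treated as a bind mount, which is why a monitor keyed on a single flag bit can misclassify the operation.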