Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bced95283e9434611cbad8f2ff903cd396eaea72
Commit:     bced95283e9434611cbad8f2ff903cd396eaea72
Parent:     42d7896ebc5f7268b1fe6bbd20f2282e20ae7895
Author:     H. Peter Anvin <[EMAIL PROTECTED]>
AuthorDate: Sat Dec 29 16:20:25 2007 -0800
Committer:  James Morris <[EMAIL PROTECTED]>
CommitDate: Fri Jan 25 11:29:50 2008 +1100

    security: remove security_sb_post_mountroot hook
    
    The security_sb_post_mountroot() hook is long-since obsolete, and is
    fundamentally broken: it is never invoked if someone uses initramfs.
    This is particularly damaging, because the existence of this hook has
    been used as motivation for not using initramfs.
    
    Stephen Smalley confirmed on 2007-07-19 that this hook was originally
    used by SELinux but can now be safely removed:
    
         http://marc.info/?l=linux-kernel&m=118485683612916&w=2
    
    Cc: Stephen Smalley <[EMAIL PROTECTED]>
    Cc: James Morris <[EMAIL PROTECTED]>
    Cc: Eric Paris <[EMAIL PROTECTED]>
    Cc: Chris Wright <[EMAIL PROTECTED]>
    Signed-off-by: H. Peter Anvin <[EMAIL PROTECTED]>
    Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
 include/linux/security.h |    8 --------
 init/do_mounts.c         |    1 -
 security/dummy.c         |    6 ------
 security/security.c      |    5 -----
 4 files changed, 0 insertions(+), 20 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index cbd970a..2e2c63f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -249,9 +249,6 @@ struct request_sock;
  *     @mnt contains the mounted file system.
  *     @flags contains the new filesystem flags.
  *     @data contains the filesystem-specific data.
- * @sb_post_mountroot:
- *     Update the security module's state when the root filesystem is mounted.
- *     This hook is only called if the mount was successful.
  * @sb_post_addmount:
  *     Update the security module's state when a filesystem is mounted.
  *     This hook is called any time a mount is successfully grafetd to
@@ -1257,7 +1254,6 @@ struct security_operations {
        void (*sb_umount_busy) (struct vfsmount * mnt);
        void (*sb_post_remount) (struct vfsmount * mnt,
                                 unsigned long flags, void *data);
-       void (*sb_post_mountroot) (void);
        void (*sb_post_addmount) (struct vfsmount * mnt,
                                  struct nameidata * mountpoint_nd);
        int (*sb_pivotroot) (struct nameidata * old_nd,
@@ -1524,7 +1520,6 @@ int security_sb_umount(struct vfsmount *mnt, int flags);
 void security_sb_umount_close(struct vfsmount *mnt);
 void security_sb_umount_busy(struct vfsmount *mnt);
 void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void 
*data);
-void security_sb_post_mountroot(void);
 void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata 
*mountpoint_nd);
 int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
 void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata 
*new_nd);
@@ -1813,9 +1808,6 @@ static inline void security_sb_post_remount (struct 
vfsmount *mnt,
                                             unsigned long flags, void *data)
 { }
 
-static inline void security_sb_post_mountroot (void)
-{ }
-
 static inline void security_sb_post_addmount (struct vfsmount *mnt,
                                              struct nameidata *mountpoint_nd)
 { }
diff --git a/init/do_mounts.c b/init/do_mounts.c
index 4efa1e5..31b2185 100644
--- a/init/do_mounts.c
+++ b/init/do_mounts.c
@@ -470,6 +470,5 @@ void __init prepare_namespace(void)
 out:
        sys_mount(".", "/", NULL, MS_MOVE, NULL);
        sys_chroot(".");
-       security_sb_post_mountroot();
 }
 
diff --git a/security/dummy.c b/security/dummy.c
index a3b29d0..8e34e03 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -225,11 +225,6 @@ static void dummy_sb_post_remount (struct vfsmount *mnt, 
unsigned long flags,
 }
 
 
-static void dummy_sb_post_mountroot (void)
-{
-       return;
-}
-
 static void dummy_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
 {
        return;
@@ -1017,7 +1012,6 @@ void security_fixup_ops (struct security_operations *ops)
        set_to_dummy_if_null(ops, sb_umount_close);
        set_to_dummy_if_null(ops, sb_umount_busy);
        set_to_dummy_if_null(ops, sb_post_remount);
-       set_to_dummy_if_null(ops, sb_post_mountroot);
        set_to_dummy_if_null(ops, sb_post_addmount);
        set_to_dummy_if_null(ops, sb_pivotroot);
        set_to_dummy_if_null(ops, sb_post_pivotroot);
diff --git a/security/security.c b/security/security.c
index b13b54f..5068808 100644
--- a/security/security.c
+++ b/security/security.c
@@ -288,11 +288,6 @@ void security_sb_post_remount(struct vfsmount *mnt, 
unsigned long flags, void *d
        security_ops->sb_post_remount(mnt, flags, data);
 }
 
-void security_sb_post_mountroot(void)
-{
-       security_ops->sb_post_mountroot();
-}
-
 void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata 
*mountpoint_nd)
 {
        security_ops->sb_post_addmount(mnt, mountpoint_nd);
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to