Date: Sat, 29 Dec 2007 16:29:29 -0800 (PST)
From: Casey Schaufler <casey@schaufler-ca.com>
Reply-To: casey@schaufler-ca.com
Subject: Re: [PATCH] security: remove security_sb_post_mountroot hook
To: "H. Peter Anvin" <hpa@zytor.com>, Chris Wright <chrisw@sous-sol.org>,
       Andrew Morton <akpm@linux-foundation.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>, James Morris <jmorris@namei.org>,
       Eric Paris <eparis@parisplace.org>, "H. Peter Anvin" <hpa@zytor.com>,
       Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
       Linux Security Modules List 
	<linux-security-module@vger.kernel.org>
In-Reply-To: <200712300020.lBU0KPcr010209@tazenda.hos.anvin.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-ID: <139407.71031.qm@web36615.mail.mud.yahoo.com>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1100
Lines: 31


--- "H. Peter Anvin" <hpa@zytor.com> wrote:

> The security_sb_post_mountroot() hook is long-since obsolete, and is
> fundamentally broken: it is never invoked if someone uses initramfs.
> This is particularly damaging, because the existence of this hook has
> been used as motivation for not using initramfs.
> 
> Stephen Smalley confirmed on 2007-07-19 that this hook was originally
> used by SELinux but can now be safely removed:
> 
>      http://marc.info/?l=linux-kernel&m=118485683612916&w=2
> 
> Cc: Stephen Smalley <sds@tycho.nsa.gov>
> Cc: James Morris <jmorris@namei.org>
> Cc: Eric Paris <eparis@parisplace.org>
> Cc: Chris Wright <chrisw@sous-sol.org>
> Signed-off-by: H. Peter Anvin <hpa@zytor.com>

It is also the case that Smack does not use this hook.
It can be removed as far as I'm concerned.


Casey Schaufler
casey@schaufler-ca.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/