From: Tvrtko Ursulin <tvrtko.ursulin@sophos.com>
Organization: Sophos Plc
To: Greg KH <greg@kroah.com>
Subject: Re: BUG: Securityfs and bind mounts (2.6.34)
Date: Thu, 8 Jul 2010 16:32:42 +0100
User-Agent: KMail/1.12.4 (Linux/2.6.34; KDE/4.3.5; x86_64; ; )
CC: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
       Al Viro <viro@zeniv.linux.org.uk>
References: <201007081112.41252.tvrtko.ursulin@sophos.com> <201007081555.01242.tvrtko.ursulin@sophos.com> <20100708152059.GA12932@kroah.com>
In-Reply-To: <20100708152059.GA12932@kroah.com>
MIME-Version: 1.0
Message-ID: <201007081632.42069.tvrtko.ursulin@sophos.com>
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1164
Lines: 26

On Thursday 08 Jul 2010 16:20:59 Greg KH wrote:
> > :) Well I do not know, but, it kind of smelled like a bug in the
> > : vfs/mount
> >
> > handling/securityfs area so I thought to let experts know. I _think_ I
> > did nothing that much wrong. Just used the exposed API
> > (securityfs_remove) and some bind mount shuffling from userspace.
>
> securitfs just uses libfs underneath it, and really doesn't have any
> bindings for module ownerships, so I wouldn't recommend doing what you
> just did.

Just do double check what you are saying, securityfs is not safe for use from
modules? If so I would then recommend removing the exports otherwise it is an
invitation to shoot yourself into the foot. Also, in-three TPM driver can be
built as a module so how does that work?

Tvrtko

Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom.
Company Reg No 2096520. VAT Reg No GB 348 3873 20.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/