diff options
author | H. Peter Anvin <hpa@zytor.com> | 2007-12-29 16:20:25 -0800 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-01-25 11:29:50 +1100 |
commit | bced95283e9434611cbad8f2ff903cd396eaea72 (patch) | |
tree | 5d56afc7a5f239ebc53a1800a508f16b8d8701b0 /include | |
parent | 42d7896ebc5f7268b1fe6bbd20f2282e20ae7895 (diff) | |
download | linux-bced95283e9434611cbad8f2ff903cd396eaea72.tar.gz linux-bced95283e9434611cbad8f2ff903cd396eaea72.tar.bz2 linux-bced95283e9434611cbad8f2ff903cd396eaea72.zip |
security: remove security_sb_post_mountroot hook
The security_sb_post_mountroot() hook is long-since obsolete, and is
fundamentally broken: it is never invoked if someone uses initramfs.
This is particularly damaging, because the existence of this hook has
been used as motivation for not using initramfs.
Stephen Smalley confirmed on 2007-07-19 that this hook was originally
used by SELinux but can now be safely removed:
http://marc.info/?l=linux-kernel&m=118485683612916&w=2
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Cc: Eric Paris <eparis@parisplace.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/security.h | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index cbd970a735f2..2e2c63faead7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -249,9 +249,6 @@ struct request_sock; * @mnt contains the mounted file system. * @flags contains the new filesystem flags. * @data contains the filesystem-specific data. - * @sb_post_mountroot: - * Update the security module's state when the root filesystem is mounted. - * This hook is only called if the mount was successful. * @sb_post_addmount: * Update the security module's state when a filesystem is mounted. * This hook is called any time a mount is successfully grafetd to @@ -1257,7 +1254,6 @@ struct security_operations { void (*sb_umount_busy) (struct vfsmount * mnt); void (*sb_post_remount) (struct vfsmount * mnt, unsigned long flags, void *data); - void (*sb_post_mountroot) (void); void (*sb_post_addmount) (struct vfsmount * mnt, struct nameidata * mountpoint_nd); int (*sb_pivotroot) (struct nameidata * old_nd, @@ -1524,7 +1520,6 @@ int security_sb_umount(struct vfsmount *mnt, int flags); void security_sb_umount_close(struct vfsmount *mnt); void security_sb_umount_busy(struct vfsmount *mnt); void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data); -void security_sb_post_mountroot(void); void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd); int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd); void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd); @@ -1813,9 +1808,6 @@ static inline void security_sb_post_remount (struct vfsmount *mnt, unsigned long flags, void *data) { } -static inline void security_sb_post_mountroot (void) -{ } - static inline void security_sb_post_addmount (struct vfsmount *mnt, struct nameidata *mountpoint_nd) { } |