aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorH. Peter Anvin <hpa@zytor.com>2007-12-29 16:20:25 -0800
committerJames Morris <jmorris@namei.org>2008-01-25 11:29:50 +1100
commitbced95283e9434611cbad8f2ff903cd396eaea72 (patch)
tree5d56afc7a5f239ebc53a1800a508f16b8d8701b0 /security
parent42d7896ebc5f7268b1fe6bbd20f2282e20ae7895 (diff)
downloadkernel_goldelico_gta04-bced95283e9434611cbad8f2ff903cd396eaea72.zip
kernel_goldelico_gta04-bced95283e9434611cbad8f2ff903cd396eaea72.tar.gz
kernel_goldelico_gta04-bced95283e9434611cbad8f2ff903cd396eaea72.tar.bz2
security: remove security_sb_post_mountroot hook
The security_sb_post_mountroot() hook is long-since obsolete, and is fundamentally broken: it is never invoked if someone uses initramfs. This is particularly damaging, because the existence of this hook has been used as motivation for not using initramfs. Stephen Smalley confirmed on 2007-07-19 that this hook was originally used by SELinux but can now be safely removed: http://marc.info/?l=linux-kernel&m=118485683612916&w=2 Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <jmorris@namei.org> Cc: Eric Paris <eparis@parisplace.org> Cc: Chris Wright <chrisw@sous-sol.org> Signed-off-by: H. Peter Anvin <hpa@zytor.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/dummy.c6
-rw-r--r--security/security.c5
2 files changed, 0 insertions, 11 deletions
diff --git a/security/dummy.c b/security/dummy.c
index a3b29d0..8e34e03 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -225,11 +225,6 @@ static void dummy_sb_post_remount (struct vfsmount *mnt, unsigned long flags,
}
-static void dummy_sb_post_mountroot (void)
-{
- return;
-}
-
static void dummy_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
{
return;
@@ -1017,7 +1012,6 @@ void security_fixup_ops (struct security_operations *ops)
set_to_dummy_if_null(ops, sb_umount_close);
set_to_dummy_if_null(ops, sb_umount_busy);
set_to_dummy_if_null(ops, sb_post_remount);
- set_to_dummy_if_null(ops, sb_post_mountroot);
set_to_dummy_if_null(ops, sb_post_addmount);
set_to_dummy_if_null(ops, sb_pivotroot);
set_to_dummy_if_null(ops, sb_post_pivotroot);
diff --git a/security/security.c b/security/security.c
index b13b54f..5068808 100644
--- a/security/security.c
+++ b/security/security.c
@@ -288,11 +288,6 @@ void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *d
security_ops->sb_post_remount(mnt, flags, data);
}
-void security_sb_post_mountroot(void)
-{
- security_ops->sb_post_mountroot();
-}
-
void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd)
{
security_ops->sb_post_addmount(mnt, mountpoint_nd);