path: root/include
diff options
authorH. Peter Anvin <hpa@zytor.com>2007-12-29 16:20:25 -0800
committerJames Morris <jmorris@namei.org>2008-01-25 11:29:50 +1100
commitbced95283e9434611cbad8f2ff903cd396eaea72 (patch)
tree5d56afc7a5f239ebc53a1800a508f16b8d8701b0 /include
parent42d7896ebc5f7268b1fe6bbd20f2282e20ae7895 (diff)
security: remove security_sb_post_mountroot hook
The security_sb_post_mountroot() hook is long-since obsolete, and is fundamentally broken: it is never invoked if someone uses initramfs. This is particularly damaging, because the existence of this hook has been used as motivation for not using initramfs. Stephen Smalley confirmed on 2007-07-19 that this hook was originally used by SELinux but can now be safely removed: http://marc.info/?l=linux-kernel&m=118485683612916&w=2 Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <jmorris@namei.org> Cc: Eric Paris <eparis@parisplace.org> Cc: Chris Wright <chrisw@sous-sol.org> Signed-off-by: H. Peter Anvin <hpa@zytor.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include')
1 files changed, 0 insertions, 8 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index cbd970a735f..2e2c63faead 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -249,9 +249,6 @@ struct request_sock;
* @mnt contains the mounted file system.
* @flags contains the new filesystem flags.
* @data contains the filesystem-specific data.
- * @sb_post_mountroot:
- * Update the security module's state when the root filesystem is mounted.
- * This hook is only called if the mount was successful.
* @sb_post_addmount:
* Update the security module's state when a filesystem is mounted.
* This hook is called any time a mount is successfully grafetd to
@@ -1257,7 +1254,6 @@ struct security_operations {
void (*sb_umount_busy) (struct vfsmount * mnt);
void (*sb_post_remount) (struct vfsmount * mnt,
unsigned long flags, void *data);
- void (*sb_post_mountroot) (void);
void (*sb_post_addmount) (struct vfsmount * mnt,
struct nameidata * mountpoint_nd);
int (*sb_pivotroot) (struct nameidata * old_nd,
@@ -1524,7 +1520,6 @@ int security_sb_umount(struct vfsmount *mnt, int flags);
void security_sb_umount_close(struct vfsmount *mnt);
void security_sb_umount_busy(struct vfsmount *mnt);
void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data);
-void security_sb_post_mountroot(void);
void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd);
int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
@@ -1813,9 +1808,6 @@ static inline void security_sb_post_remount (struct vfsmount *mnt,
unsigned long flags, void *data)
{ }
-static inline void security_sb_post_mountroot (void)
-{ }
static inline void security_sb_post_addmount (struct vfsmount *mnt,
struct nameidata *mountpoint_nd)
{ }