[RFC][PATCH 11/11] security: AppArmor - Export namespace semaphore

This patch exports the namespace_sem semaphore.

The shared subtree patches which went into 2.6.15-rc1 replaced the old
namespace semaphore which used to be per namespace (and visible) with a
new single static semaphore.

The reason for this change is that currently visibility of vfsmount information
to the LSM hooks is fairly patchy.  Either there is no passed parameter or
it can be NULL.  For the case of the former,  several LSM hooks that we
require to mediate have no vfsmount/nameidata passed.  We previously (mis)used
the visibility of the old per namespace semaphore to walk the processes 
namespace looking for vfsmounts with a root dentry matching the dentry we were 
trying to mediate.  

Clearly this is not viable long term strategy and changes working towards 
passing a vfsmount to all relevant LSM hooks would seem necessary (and also 
useful for other users of LSM). Alternative suggestions and ideas are welcomed.

Signed-off-by: Tony Jones <[email protected]>

---
 fs/namespace.c            |    3 ++-
 include/linux/namespace.h |    2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

--- linux-2.6.17-rc1.orig/fs/namespace.c
+++ linux-2.6.17-rc1/fs/namespace.c
@@ -46,7 +46,8 @@
 static struct list_head *mount_hashtable __read_mostly;
 static int hash_mask __read_mostly, hash_bits __read_mostly;
 static kmem_cache_t *mnt_cache __read_mostly;
-static struct rw_semaphore namespace_sem;
+struct rw_semaphore namespace_sem;
+EXPORT_SYMBOL_GPL(namespace_sem);
 
 /* /sys/fs */
 decl_subsys(fs, NULL, NULL);
--- linux-2.6.17-rc1.orig/include/linux/namespace.h
+++ linux-2.6.17-rc1/include/linux/namespace.h
@@ -5,6 +5,8 @@
 #include <linux/mount.h>
 #include <linux/sched.h>
 
+extern struct rw_semaphore namespace_sem;
+
 struct namespace {
 	atomic_t		count;
 	struct vfsmount *	root;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [RFC][PATCH 11/11] security: AppArmor - Export namespace semaphore
    • From: Stephen Smalley <[email protected]>
  • Re: [RFC][PATCH 11/11] security: AppArmor - Export namespace semaphore
    • From: Christoph Hellwig <[email protected]>

• References:
  • [RFC][PATCH 0/11] security: AppArmor - Overview
    • From: Tony Jones <[email protected]>

• Prev by Date: [RFC][PATCH 5/11] security: AppArmor - Filesystem
• Next by Date: [RFC][PATCH 10/11] security: AppArmor - Add flags to d_path
• Previous by thread: Re: [RFC][PATCH 5/11] security: AppArmor - Filesystem
• Next by thread: Re: [RFC][PATCH 11/11] security: AppArmor - Export namespace semaphore
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]