Into the -mm tree

The additional LSM hooks needed to get TOMOYO Linux merged have gone in.

From: Andrew Morton
To: Kentaro Takeda
Cc: viro, haradats, penguin-kernel
Subject: Re: [PATCH RFC] Introduce new LSM hooks where vfsmount is available.
Date: Wed, 17 Sep 2008 11:53:54 -0700

On Thu, 11 Sep 2008 10:43:58 +0900
Kentaro Takeda wrote:

> > yes - and I've told them what to do months ago
> > shift their call sites up the call chain
> > to the places where vfsmounts they want *are* known
> > add new hooks in those locations, for all I care
> > leaving the old ones where they are

> > they want vfsmount available to their "security" methods
> > that are called from functions that know and care only about dentry
> > and don't care which of fs instances in the mount tree (if any) had been involved
> > moreover, that "if any" is serious - it's not obvious for some callers
> > the obvious solution: call their methods from callers of those functions; i.e. from places that *do* know which vfsmount they are dealing with
> > or from _some_ such callers - ones where we have a vfsmount involved
> > Note: I'm carefully abstaining from any judgement on usefulness of the entire "path-based" thing
> > as long as they do it clean way, I simply don't care if what they are selling to their customers is a snake oil; it's not my problem
> Thank you for your comments.
>
> We prepared a new patch for using pathname in LSM module.
> Is the attached patch acceptable for you?
>
> Regards,
>
> ---
> Subject: Introduce new LSM hooks.
>
> This patch allows LSM to check permission using "struct vfsmount"
> without passing "struct vfsmount" to VFS helper functions.
>

This needs a far, far, far more detailed changelog. Please send a new
description which provides *all* information describing why this code
is being added, what it is for, what problems it solves, what
alternatives were considered, why they were rejected, etc, etc, etc.

Provide sufficient information so that an averagely experienced kernel
developer can understand what's going on.

Thanks.

(the above requirement is true for *all* patches, always, no exceptions -
the person who suffers most when it is ignored is the person who is
trying to get his/her patch merged. Trust me on this).