Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]): > On Tue, 08 Feb 2005 11:24:50 CST, Michael Halcrow said: > > > While the program is waiting for a keystroke, mount the block device. > > Enter a keystroke. The result without the patch is 1, which is a > > security violation. This occurs because the bd_release function will > > bd_release(bdev) and set inode->i_security to NULL on the close(fd1). > > Sounds like a bug, not a feature. Should it be zeroing out inode->i_security > for an inode with a non-zero reference count?
Valdis, inode->i_security is no longer used after the patch. Does your question still apply with the proposed patch, %s/inode->i_security/file->f_security/? Nevertheless, note that the thing being enforced is "no simultaneous write access to a block device and mount of that block device." The file->f_security is just used as a flag to seclvl that when this file is closed, we can bd_release the device to allow a mount or another open(O_RDWR) of the file. So references to the inode don't matter, provided the other references are read accesses. Which they have to be, since otherwise the seclvl_bd_claim() would have failed on the second open(O_RDWR) call. I hope I'm at least remotely answering your question :) -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
