Thread (16 messages) 16 messages, 5 authors, 2025-07-16

Re: [RFC] vfs: security: Parse dev_name before calling security_sb_mount

From: Song Liu <hidden>
Date: 2025-07-11 23:10:07
Also in: bpf, linux-fsdevel, lkml, selinux

On Jul 11, 2025, at 2:36 AM, Christian Brauner [off-list ref] wrote:

> On Thu, Jul 10, 2025 at 05:00:18PM +0000, Song Liu wrote:
>> On Jul 10, 2025, at 4:46 AM, Christian Brauner [off-list ref] wrote:
>> [...]
>>>> Right now, we have security_sb_mount and security_move_mount, for
>>>> syscall “mount” and “move_mount” respectively. This is confusing
>>>> because we can also do move mount with syscall “mount”. How about
>>>> we create 5 different security hooks:
>>>>
>>>> security_bind_mount
>>>> security_new_mount
>>>> security_reconfigure_mount
>>>> security_remount
>>>> security_change_type_mount
>>>>
>>>> and remove security_sb_mount. After this, we will have 6 hooks for
>>>> each type of mount (the 5 above plus security_move_mount).
>>>
>>> I've multiple times pointed out that the current mount security hooks
>>> aren't working and basically everything in the new mount api is
>>> unsupervised from an LSM perspective.
>>
>> To make sure I understand the comment. By “new mount api”, do you mean
>> the code path under do_new_mount()?
>
> fsopen()
> fsconfig()
> fsmount()
> open_tree()
> open_tree_attr()
> move_mount()
> statmount()
> listmount()
>
> I think that's all.

Reading the code, I think we also need to cover fspick.

Thanks,
Song
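An added user-space model (not code from this thread or from the kernel) of the dispatch the hook proposal above is reacting to: one mount(2) call fans out into the six operations Song lists, with the branch order taken from path_mount() in fs/namespace.c and the flag values from include/uapi/linux/mount.h; the enum names, classify_mount() and dev_name_is_path() are this example's own.

```c
/* Added illustration, not kernel code: a user-space model of how one
 * mount(2) call is dispatched to six different mount operations.
 * Branch order mirrors path_mount() in fs/namespace.c; the MS_* values
 * are copied from include/uapi/linux/mount.h so this builds anywhere. */
#define MS_REMOUNT     32
#define MS_BIND        4096
#define MS_MOVE        8192
#define MS_UNBINDABLE  (1 << 17)
#define MS_PRIVATE     (1 << 18)
#define MS_SLAVE       (1 << 19)
#define MS_SHARED      (1 << 20)

enum mount_op {
    MOUNT_OP_RECONFIGURE, /* MS_REMOUNT|MS_BIND: per-mountpoint flags only */
    MOUNT_OP_REMOUNT,     /* MS_REMOUNT: superblock options */
    MOUNT_OP_BIND,        /* MS_BIND: dev_name is a source path */
    MOUNT_OP_CHANGE_TYPE, /* MS_SHARED/PRIVATE/SLAVE/UNBINDABLE */
    MOUNT_OP_MOVE,        /* MS_MOVE: dev_name is the mount to move */
    MOUNT_OP_NEW          /* none of the above: dev_name is a source string */
};

/* First matching branch wins, as in the kernel: MS_REMOUNT|MS_BIND is a
 * reconfigure, and MS_BIND|MS_MOVE is a bind, never a move. */
enum mount_op classify_mount(unsigned long flags)
{
    if (flags & MS_REMOUNT)
        return (flags & MS_BIND) ? MOUNT_OP_RECONFIGURE : MOUNT_OP_REMOUNT;
    if (flags & MS_BIND)
        return MOUNT_OP_BIND;
    if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
        return MOUNT_OP_CHANGE_TYPE;
    if (flags & MS_MOVE)
        return MOUNT_OP_MOVE;
    return MOUNT_OP_NEW;
}

/* A single security_sb_mount() sees dev_name before this dispatch, so a
 * policy must work out whether dev_name is a path it should resolve
 * (bind/move), an opaque source string handed to the filesystem (new
 * mount) or ignored entirely (remount, reconfigure, change type). */
int dev_name_is_path(enum mount_op op)
{
    return op == MOUNT_OP_BIND || op == MOUNT_OP_MOVE;
}
```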

