[apparmor] [PATCH 6/7] tomoyo: Convert from sb_mount to granular mount hooks
Song Liu
song at kernel.org
Fri Mar 27 00:40:49 UTC 2026
Hi Christian and Al,
On Mon, Mar 23, 2026 at 11:12 PM Tetsuo Handa
<penguin-kernel at i-love.sakura.ne.jp> wrote:
[...]
> diff --git a/fs/namespace.c b/fs/namespace.c
> index ba5baccdde67..621b8205a0af 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -3777,7 +3777,7 @@ static bool mount_too_revealing(const struct super_block *sb, int *new_mnt_flags
> * be added to the namespace tree.
> */
> static int do_new_mount_fc(struct fs_context *fc, const struct path *mountpoint,
> - unsigned int mnt_flags)
> + unsigned int mnt_flags, void *data, unsigned long flags)
> {
> struct super_block *sb;
> struct vfsmount *mnt __free(mntput) = fc_mount(fc);
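Review bot: the two new parameters of do_new_mount_fc(), `void *data, unsigned long flags`, are not described in the comment block that precedes the function (its last visible line is "be added to the namespace tree."); please extend that comment to say both are passed through unchanged to security_mount_new(). Consider also ordering them `flags, data` so the signature matches the argument order security_mount_new() takes.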
> @@ -3786,6 +3786,10 @@ static int do_new_mount_fc(struct fs_context *fc, const struct path *mountpoint,
> if (IS_ERR(mnt))
> return PTR_ERR(mnt);
>
> + error = security_mount_new(fc, mountpoint, mnt_flags, flags, data);
> + if (error)
> + return error;
> +
> sb = fc->root->d_sb;
> error = security_sb_kern_mount(sb);
> if (unlikely(error))
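Review bot: security_mount_new() now runs after fc_mount() has already created the vfsmount (and the superblock it refers to), so a denial is unwound only by the `__free(mntput)` cleanup on `mnt`; a short comment at the call site saying this ordering is deliberate (the hook needs the real superblock, which is the TOCTOU point this thread is about) and that fc_mount()'s side effects on a rejected mount are accepted would save the next reader from assuming the hook was misplaced. Since `sb = fc->root->d_sb;` is assigned only after the call, an LSM wanting the superblock must read it from fc->root itself; either move that assignment above the hook call or state the expectation in the hook's documentation.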
> @@ -3857,9 +3861,7 @@ static int do_new_mount(const struct path *path, const char *fstype,
> err = -EPERM;
>
> if (!err)
> - err = security_mount_new(fc, path, mnt_flags, flags, data);
> - if (!err)
> - err = do_new_mount_fc(fc, path, mnt_flags);
> + err = do_new_mount_fc(fc, path, mnt_flags, data, flags);
>
> put_fs_context(fc);
> return err;
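Review bot: the new call `do_new_mount_fc(fc, path, mnt_flags, data, flags)` passes `data` before `flags`, while the removed `security_mount_new(fc, path, mnt_flags, flags, data)` used the opposite order; the types differ, so a swap would not compile, but one consistent order across both functions avoids confusion when reading the two call sites together. The hunk updates only this caller of do_new_mount_fc(); any other caller must receive the same two extra arguments or the build breaks.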
Could you please comment on Tetsuo's proposal here? The core
change (moving security_mount_new after fc_mount) makes sense
to me. However, it seems to require a lot of code to support this
change.
Given that the current patchset addresses TOCTOU issues of bind
mount, etc., maybe we can land this set and address the TOCTOU
issue with new mount in follow-up patches?
Thanks,
Song