> > We can do the security check at the filesystem level, because we have > > sb->s_bdev->bd_inode, and if you have read and write permissions to > > that inode, you might as well have permission to create a unsafe hole.
Not if you don't have access to a block device node to open it, or there are SELinux rules that control the access. There are cases it isn't entirely the same thing as far as I can see. Consider within a container for example. The paranoid approach would IMHO to have a mount option so you can explicitly declare a file system mount should trust its owner/group and then that can also be used to wire up any other "unsafe" activities in a general "mounted for a special use" option. Alan
