Hi! Security hook seems to be missing before compat_ioctl in mm2. And, it would be nice to avoid calling it twice on some paths.
Chris Wright's patch addressed this in the most elegant way I think, by adding vfs_ioctl. Accordingly, this change: @@ -468,6 +496,11 @@ asmlinkage long compat_sys_ioctl(unsigne found_handler: if (t->handler) { + /* RED-PEN how should LSM module know it's handling 32bit? */ + error = security_file_ioctl(filp, cmd, arg); + if (error) + goto out_fput; + lock_kernel(); error = t->handler(fd, cmd, arg, filp); unlock_kernel(); from Andy's "some fixes" patch wont be needed. Chris - are you planning to update your patch to -rc1-mm2? I'd like to see this addressed, after this I believe logically we'll get everything right, then I have a couple of small cosmetic patches, and I believe we'll be set. -- I dont speak for Mellanox. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/