introduce new LSM hooks where vfsmount is available. Add new LSM hooks for path-based checks. Call them on directory-modifying operations at the points where we still know the vfsmount involved. Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

commit: be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d [log] [tgz]
author: Kentaro Takeda <takedakn@nttdata.co.jp> Wed Dec 17 13:24:15 2008 +0900
committer: Al Viro <viro@zeniv.linux.org.uk> Wed Dec 31 18:07:37 2008 -0500
tree: 3a770f4cc676efeba443b28caa1ad195eeff49bc
parent: 6a94cb73064c952255336cc57731904174b2c58f [diff] [blame]
diff --git a/security/Kconfig b/security/Kconfig
index d9f47ce..9438535 100644
--- a/security/Kconfig
+++ b/security/Kconfig

@@ -81,6 +81,15 @@
 	  IPSec.
 	  If you are unsure how to answer this question, answer N.
 
+config SECURITY_PATH
+	bool "Security hooks for pathname based access control"
+	depends on SECURITY
+	help
+	  This enables the security hooks for pathname based access control.
+	  If enabled, a security module can use these hooks to
+	  implement pathname based access controls.
+	  If you are unsure how to answer this question, answer N.
+
 config SECURITY_FILE_CAPABILITIES
 	bool "File POSIX Capabilities"
 	default n
commit	be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d	[log] [tgz]
author	Kentaro Takeda <takedakn@nttdata.co.jp>	Wed Dec 17 13:24:15 2008 +0900
committer	Al Viro <viro@zeniv.linux.org.uk>	Wed Dec 31 18:07:37 2008 -0500
tree	3a770f4cc676efeba443b28caa1ad195eeff49bc
parent	6a94cb73064c952255336cc57731904174b2c58f [diff] [blame]