The kernel's super_block structure represents a filesystem. This structure is used when mounting and unmounting a filesystem or obtaining filesystem statistics, for example. The super block hooks, super_block_security_ops, mediate the various actions that can be taken on a super_block. As a simple example, the statfs() super block hook checks permission when a task attempts to obtain a file system's statistics.
When mounting a filesystem, the kernel first validates the request by calling the mount() super block hook. Assuming success, a new super_block is created regardless of whether it is backed by a block device or by an anonymous device. The kernel then allocates space for a security field in the new super_block by calling the alloc_security() super block hook. Next, when the super_block is to be added to the global tree, the check_sb() super block hook is called to verify that the filesystem can indeed be mounted at the point in the tree that is being requested. If this is successful, a post_addmount() hook is invoked to synchronize the security module's state.
The super block hook umount() is called to check permission when unmounting a filesystem. If successful, the umount_close() hook is used to synchronize state and, for example, close any files in the filesystem that are held open by the security module. Once the super_block is no longer referenced, it will be deleted, and the free_security() hook will free the security field.
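The mount and unmount sequences described above can be traced in a small user-space model. This is an added example, not kernel code and not from the original text: the hook names come from the text, while the function signatures, the `sb_state` structure, the `h_` prefixed functions standing in for the super_block_security_ops table, the toy policy (deny device `/dev/untrusted`, deny mount point `/etc`), and the cleanup on a check_sb() denial are assumptions.

```c
/* User-space model of the super block hook lifecycle; not kernel code.
 * Hook names are from the text; signatures and the policy are assumed. */
#include <stdlib.h>
#include <string.h>

struct super_block { void *s_security; };
struct sb_state { int mounted; };   /* hypothetical per-superblock module state */
static int live_states;             /* counts security fields not yet freed */

/* mount(): validate the request before any super_block exists. */
static int h_mount(const char *dev) { return strcmp(dev, "/dev/untrusted") ? 0 : -1; }
/* alloc_security(): attach the module's security field to the new super_block. */
static int h_alloc_security(struct super_block *sb) {
    sb->s_security = calloc(1, sizeof(struct sb_state));
    if (!sb->s_security) return -1;
    live_states++;
    return 0;
}
/* check_sb(): may this filesystem be added at this point in the tree? */
static int h_check_sb(struct super_block *sb, const char *dir) { (void)sb; return strcmp(dir, "/etc") ? 0 : -1; }
/* post_addmount() and umount_close(): synchronize module state. */
static void h_post_addmount(struct super_block *sb) { ((struct sb_state *)sb->s_security)->mounted = 1; }
static int h_umount(struct super_block *sb) { return ((struct sb_state *)sb->s_security)->mounted ? 0 : -1; }
static void h_umount_close(struct super_block *sb) { ((struct sb_state *)sb->s_security)->mounted = 0; }
/* free_security(): release the field once the super_block is unreferenced. */
static void h_free_security(struct super_block *sb) { free(sb->s_security); sb->s_security = NULL; live_states--; }

static void drop_sb(struct super_block *sb) { h_free_security(sb); free(sb); }

/* Mount path in the order the text gives; returns NULL when a hook denies. */
struct super_block *model_mount(const char *dev, const char *dir) {
    struct super_block *sb;
    if (h_mount(dev)) return NULL;                         /* 1. validate request */
    if (!(sb = calloc(1, sizeof(*sb)))) return NULL;       /* 2. create super_block */
    if (h_alloc_security(sb)) { free(sb); return NULL; }   /* 3. security field */
    if (h_check_sb(sb, dir)) { drop_sb(sb); return NULL; } /* 4. denied: no leak */
    h_post_addmount(sb);                                   /* 5. sync module state */
    return sb;
}

/* Unmount path: permission check, state sync, then teardown. */
int model_umount(struct super_block *sb) {
    if (h_umount(sb)) return -1;
    h_umount_close(sb);
    drop_sb(sb);
    return 0;
}

int model_live_states(void) { return live_states; }
```

The `live_states` counter makes the pairing of alloc_security() and free_security() visible: it returns to zero after a successful unmount and after a denial at either check point.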