[PATCH 25/58] IMA: Clean out lsm_export scaffolding

Casey Schaufler casey at schaufler-ca.com
Mon Jun 3 21:40:43 UTC 2019


On 6/1/2019 7:06 PM, Kees Cook wrote:
> On Fri, May 31, 2019 at 04:09:47PM -0700, Casey Schaufler wrote:
>> +++ b/security/integrity/ima/ima_api.c
>> @@ -159,7 +159,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
>>   * ima_get_action - appraise & measure decision based on policy.
>>   * @inode: pointer to inode to measure
>>   * @cred: pointer to credentials structure to validate
>> - * @secid: secid of the task being validated
>> + * @l: LAM data of the task being validated
>>   * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC,
>>   *        MAY_APPEND)
>>   * @func: caller identifier
> Call this "l" just hurts me. Why shouldn't it still be secid?

Changing the type while leaving the name alone, or
changed slightly (e.g. secids instead of secid) makes
tracking down unchanged uses much harder. How about
lsme, or export?

> Also typo: LAM -> LSM.

That too.



More information about the Linux-security-module-archive mailing list