[PATCH 1/2] LSM: switch to blocking policy update notifiers

Paul Moore paul at paul-moore.com
Fri Jun 7 05:19:04 UTC 2019


On Thu, Jun 6, 2019 at 8:45 PM James Morris <jmorris at namei.org> wrote:
> On Wed, 5 Jun 2019, Paul Moore wrote:
> > On Wed, Jun 5, 2019 at 1:05 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> > > On 6/5/2019 9:51 AM, Janne Karhunen wrote:
> > >
> > > One hook with an added "bool blocking" argument, if
> > > that's the only difference?
> >
> > I think there is value in keeping a similar convention to the notifier
> > code on which this is based, see include/linux/notifier.h.
>
> Although this doesn't seem to be what other users in the kernel are doing.

How many of them potentially have the need for both blocking and
non-blocking notifiers?  I didn't go through the entire list of
callers, but it seems all that I looked at used only one type.  The
simple fact that we started with one type of notifier for the LSM, and
we are now switching to the other (and getting lucky that it is safe
to do so for the existing callers) seems to lend some weight to the
argument we may need both and adding "block"/"blocking"/etc. to the
name has value.

-- 
paul moore
www.paul-moore.com


