[PATCH 1/2] LSM: switch to blocking policy update notifiers

James Morris jmorris at namei.org
Fri Jun 7 21:48:47 UTC 2019


On Fri, 7 Jun 2019, Paul Moore wrote:

> On Thu, Jun 6, 2019 at 8:45 PM James Morris <jmorris at namei.org> wrote:
> > On Wed, 5 Jun 2019, Paul Moore wrote:
> > > On Wed, Jun 5, 2019 at 1:05 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> > > > On 6/5/2019 9:51 AM, Janne Karhunen wrote:
> > > >
> > > > One hook with an added "bool blocking" argument, if
> > > > that's the only difference?
> > >
> > > I think there is value in keeping a similar convention to the notifier
> > > code on which this is based, see include/linux/notifier.h.
> >
> > Although this doesn't seem to be what other users in the kernel are doing.
> 
> How many of them potentially have the need for both blocking and
> non-blocking notifiers?  I didn't go through the entire list of
> callers, but it seems all that I looked at used only one type.  The
> simple fact that we started with one type of notifier for the LSM, and
> we are now switching to the other (and getting lucky that it is safe
> to do so for the existing callers) seems to lend some weight to the
> argument we may need both and adding "block"/"blocking"/etc. to the
> name has value.

Fair enough.


-- 
James Morris
<jmorris at namei.org>


