[PATCH v9 04/23] securityfs: Extend securityfs with namespacing support

Stefan Berger stefanb at linux.ibm.com
Mon Jan 31 22:28:44 UTC 2022


On 1/27/22 11:53, Mimi Zohar wrote:
> On Tue, 2022-01-25 at 17:46 -0500, Stefan Berger wrote:
>> From: Stefan Berger <stefanb at linux.ibm.com>
>>
>> Enable multiple instances of securityfs by keying each instance with a
>> pointer to the user namespace it belongs to.
>>
>> Since we do not need the pinning of the filesystem for the virtualization
>> case, limit the usage of simple_pin_fs() and simple_release_fs() to the
>> case when the init_user_ns is active. This simplifies the cleanup for the
>> virtualization case where usage of securityfs_remove() to free dentries
>> is not needed anymore.
> Could you add a sentence here explaining why securityfs_remove() isn't
> needed in the virtualization case?

At this point the reason is that simple_pin_fs() is not used for the 
virtualization case.

Maybe it should say: ... to free dentries is *therefore* not needed anymore.

    Stefan


