[PATCH v9 04/23] securityfs: Extend securityfs with namespacing support

Mimi Zohar zohar at linux.ibm.com
Mon Jan 31 23:43:12 UTC 2022


On Mon, 2022-01-31 at 17:28 -0500, Stefan Berger wrote:
> On 1/27/22 11:53, Mimi Zohar wrote:
> > On Tue, 2022-01-25 at 17:46 -0500, Stefan Berger wrote:
> >> From: Stefan Berger <stefanb at linux.ibm.com>
> >>
> >> Enable multiple instances of securityfs by keying each instance with a
> >> pointer to the user namespace it belongs to.
> >>
> >> Since we do not need the pinning of the filesystem for the virtualization
> >> case, limit the usage of simple_pin_fs() and simpe_release_fs() to the
> >> case when the init_user_ns is active. This simplifies the cleanup for the
> >> virtualization case where usage of securityfs_remove() to free dentries
> >> is not needed anymore.
> > Could you add a sentence here explaining why securityfs_remove() isn't
> > needed in the virtualization case?
> 
> At this point the reason is that simple_pin_fs() is not used for the 
> virtualization case.
> 
> Maybe it should say: ... to free dentries is *therefore* not needed anymore.

Probably it's obvious, but I was looking for something along the lines
of, "The securityfs file or directory is automatically removed based on
reference count."

No need to update it.

thanks,

Mimi



More information about the Linux-security-module-archive mailing list