[PATCH 31/39] convert selinuxfs
Al Viro
viro at zeniv.linux.org.uk
Sun Sep 21 21:41:10 UTC 2025
On Sun, Sep 21, 2025 at 04:44:28PM -0400, Paul Moore wrote:
> > + dput(dentry);
> > + return dentry; // borrowed
> > }
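Review bot: at `return dentry; // borrowed`, the pointer is handed back after `dput(dentry)`, so the caller receives it without holding a reference of its own, and the one-word trailing comment does not say what keeps the dentry valid from that point on. Suggest stating the contract in a comment above the function, where callers will see it: the return value is not a counted reference, callers must not dput() it, and name whatever pins the dentry while the caller uses it.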
>
> Prefer C style comments on their own line:
>
> dput(dentry);
> /* borrowed dentry */
> return dentry;

Umm... IMO that's more of an annotation along the lines of "fallthru"...

> > @@ -2079,15 +2088,14 @@ static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
> > goto err;
> > }
> >
> > - fsi->policycap_dir = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME,
> > + dentry = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME,
> > &fsi->last_ino);
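Review bot: in the sel_fill_super() hunk, the result of sel_make_dir() for POLICYCAP_DIR_NAME now goes to a local `dentry` and the store to `fsi->policycap_dir` is gone, but the visible lines do not show whether the field is removed from the structure or whether anything still reads it. If the field stays, a remaining reader would find it unset, so either remove the field and its users in the same change or keep the assignment here. Also make sure the error check that follows this call (outside the visible lines) tests the local rather than the field.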
>
> I'd probably keep fsi->policycap_dir in this patch simply to limit the
> scope of this patch to just the DCACHE_PERSISTENT related changes, but
> I'm not going to make a big fuss about that.

Not hard to split that way. Will do...

BTW, an unrelated question: does userland care about selinuxfs /null being
called that (and being on selinuxfs, for that matter)? Same for
apparmor's securityfs /apparmor/.null...

If nobody cares, I would rather add an internal-only filesystem with
root being a character device (1,3) and whatever markings selinux et al.
need for it. With open_devnull(creds) provided for selinux,
apparmor and whoever else wants to play with neutering descriptors
on exec...