[PATCH 31/39] convert selinuxfs
John Johansen
john.johansen at canonical.com
Mon Sep 22 21:12:07 UTC 2025
On 9/21/25 14:41, Al Viro wrote:
> On Sun, Sep 21, 2025 at 04:44:28PM -0400, Paul Moore wrote:
>>> + dput(dentry);
>>> + return dentry; // borrowed
>>> }
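Review bot: at `return dentry; // borrowed`, the function hands back a pointer whose reference was dropped by the `dput(dentry)` on the line before, and the one-word comment does not say what keeps that dentry alive afterwards. A comment at the function head should state what pins the returned dentry and that callers must not dput() it, so the contract is visible without reading the body.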
>>
>> Prefer C style comments on their own line:
>>
>> dput(dentry);
>> /* borrowed dentry */
>> return dentry;
>
> Umm... IMO that's more of an annotation along the lines of "fallthru"...
>
>>> @@ -2079,15 +2088,14 @@ static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
>>> goto err;
>>> }
>>>
>>> - fsi->policycap_dir = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME,
>>> + dentry = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME,
>>> &fsi->last_ino);
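Review bot: at `dentry = sel_make_dir(sb->s_root, POLICYCAP_DIR_NAME,` the result no longer lands in `fsi->policycap_dir`, and nothing in the visible lines shows whether that field is still assigned elsewhere or is being removed. If the field stays in the structure, any remaining reader would see it unset; either drop the field and its users in the same change or keep the assignment here, and say which in the commit message.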
>>
>> I'd probably keep fsi->policycap_dir in this patch simply to limit the
>> scope of this patch to just the DCACHE_PERSISTENT related changes, but
>> I'm not going to make a big fuss about that.
>
> Not hard to split that way. Will do...
>
>
> BTW, an unrelated question: does userland care about selinuxfs /null being
> called that (and being on selinuxfs, for that matter)? Same for the
> apparmor's securityfs /apparmor/.null...
>
For apparmor the userspace doesn't care; ideally userspace wouldn't even
see it exists.

> If nobody cares, I would rather add an internal-only filesystem with
> root being a character device (1,3) and whatever markings selinux et al.
> need for it. With open_devnull(creds) provided for selinux,
> apparmor and whoever else wants to play with neutering descriptors
> on exec...