[PATCH v3 1/5] lsm: Add hook security_unix_find
Paul Moore
paul at paul-moore.com
Mon Feb 9 17:09:32 UTC 2026
On Wed, Feb 4, 2026 at 5:25 AM Günther Noack <gnoack at google.com> wrote:
>
> Paul:
>
> You have previously said that you would like hooks to be generic and
> ideally reflect the arguments of the same function that they are
> called from [3].

To clarify, I didn't say that it is generally ideal for the LSM hook
to reflect the arguments of the calling function; while that might be
a good starting point, we have plenty of examples where that is not
desirable. In this particular case I said it seems like it would be a
good idea to pass the "type" and "flags" parameters from the caller to
the LSM hook.

> Q: Would it be acceptable to change the hook arguments, if we can then
> avoid passing additional data between hooks through that side-storage?

If you're passing the sock, I think we can skip passing the type;
however, I could envision someone wanting the path in addition to just
the sock, but let's wait to hear back from the AppArmor folks.
--
paul-moore.com