On Wed, 9 Oct 2019, Casey Schaufler wrote: > On 10/9/2019 3:14 PM, James Morris wrote: > > On Wed, 9 Oct 2019, Casey Schaufler wrote: > > > >> Please consider making the perf_alloc security blob maintained > >> by the infrastructure rather than the individual modules. This > >> will save it having to be changed later. > > Is anyone planning on using this with full stacking? > > > > If not, we don't need the extra code & complexity. Stacking should only > > cover what's concretely required by in-tree users. > > I don't believe it's any simpler for SELinux to do the allocation > than for the infrastructure to do it. I don't see anyone's head > exploding over the existing infrastructure allocation of blobs. > We're likely to want it at some point, so why not avoid the hassle > and delay by doing it the "new" way up front? Because it is not necessary. -- James Morris <jmorris@xxxxxxxxx>
