Hello,

On Thu, Jan 31, 2019 at 11:20:57AM +0100, Ondrej Mosnacek wrote:
> Hm, I see... basically the only thing that gets allocated in
> kernfs_node_init_security() by default (at least under SELinux/ no
> LSM) is the kernfs_iattrs structures, so I assume you are pointing at
> that. I think this can be easily fixed, if we again use the assumption

Yeap.

> Technically this might make some LSMs unhappy, if they want to set
> some non-default context even if parent is all default, but this is
> already impossible now and in this case I think we have no better
> choice than sacrificing a bit of flexibility for memory efficiency,
> which is apparently critical here.
>
> Tejun, Casey, would the above modification be fine with you?

Generally looks good but maybe it can check the attr to see whether
there actually are things which need inheritance?

Thanks.

--
tejun