On Fri, 2022-01-28 at 10:44 -0500, Stefan Berger wrote: > On 1/27/22 17:30, Mimi Zohar wrote: > > On Tue, 2022-01-25 at 17:46 -0500, Stefan Berger wrote: > >> From: Stefan Berger <stefanb@xxxxxxxxxxxxx> > >> > >> Move the ima_write_mutex, ima_fs_flag, and valid_policy variables into > >> ima_namespace. This way each IMA namespace can set those variables > >> independently. > > This patch description needs to be expanded a bit, indicating why > > they're being moved together. These flags are needed when loading a > > policy. Please also update the "struct ima_namespace" comment. > > I'll extend the above sentence like this: > > ... those variables independently in its instance of securityfs. That doesn't explain anything as to what these flags are or how they're used. Perhaps something like, "Move the variables - ima_write_mutex, ima_fs_flag, and valid_policy - related to updating the IMA policy into the ima_namespace. This way each IMA namespace can set these variables independently." Did you notice my comment inline below? thanks, Mimi
