On 1/19/2023 12:29 PM, Johannes Berg wrote: > On Wed, 2023-01-18 at 16:36 -0800, Jakub Kicinski wrote: >> +kernel-policy >> +~~~~~~~~~~~~~ >> + >> +Defines if the kernel validation policy is per operation (``per-op``) >> +or for the entire family (``global``). New families should use ``per-op`` >> +(default) to be able to narrow down the attributes accepted by a specific >> +command. > > Again I'm not sure I agree with that recommendation, but I know it's > your preference :-) > > (IMHO some things become more complex, such as having a "ifindex" in > each one of them) > Per op policy is important because otherwise it can become impossible to safely extend a new attribute to commands over multiple kernel releases. If you add an attribute like DEVLINK_ATTR_DRY_RUN in one kernel, and add it to devlink_cmd_foo.. its no longer really possible to add it to another command if the policy is global.
