On Mon, 20 Apr 2020 17:02:41 -0700 Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > This is a first pass at updating the basic documentation on > Linux Security Modules (LSM), which is frighteningly out of date. > Remove untrue statements about the LSM framework. Replace them > with true statements where it is convenient to do so. This is > the beginning of a larger effort to bring the LSM documentation > up to date. Seems like a good set of changes overall. One small nit... > +The LSM framework provides for a close approximation of > +general security module stacking. It defines > +:c:func:`security_add_hooks()` to which each security module passes a > +:c:type:`struct security_hooks_list <security_hooks_list>`, > +which are added to the lists. > +The LSM framework does not provide a mechanism for removing hooks that > +have been registered. An individual security module chose to implement > +such a mechanism, but the safety of such a mechanism is in no way > +guaranteed by the framework. There is no need for :c:func: anymore; just say security_add_hooks() and the Right Thing™ will happen. It would be good to take all of those out while you're thrashing up the file. I really need to get back and do the same thing for :c:type: ... Thanks, jon
