On 9/27/2018 3:13 PM, James Morris wrote:
> On Fri, 21 Sep 2018, Casey Schaufler wrote:
>
>> The SELinux specific credential poisoning only makes sense
>> if SELinux is managing the credentials. As the intent of this
>> patch set is to move the blob management out of the modules
>> and into the infrastructure, the SELinux specific code has
>> to go. The poisoning could be introduced into the infrastructure
>> at some later date.
> If it's useful, it should be incorporated into core LSM, otherwise that's
> a regression for SELinux.

When I discussed this code with David Howells he indicated that it
was primarily used for debugging the original shared credential
implementation and that it was not especially valuable any longer.
If someone thinks it is valuable we should consider doing it in the
infrastructure for all the blobs, not just the credential.