Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:

> On Thu, May 28, 2020 at 8:53 AM Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>>
>> It makes no sense to set active_per_clear when the kernel decides not
>> to honor the executable's setuid or setgid bits. Instead set
>> active_per_clear when the kernel actually decides to honor the suid or
>> sgid permission bits of an executable.
>
> You seem to be confused about the naming yourself.
>
> You talk about "active_per_clear", but the code is about "per_clear". WTF?

I figured out how to kill active_per_clear, see (3/11), and I failed to
update the patch description here.

I think active_ is a lousy suffix, but since it all goes away in patch 3
when I remove the recomputation and the need to have two versions of the
setting, I think it is probably good enough.

Eric