On Tue, Mar 26, 2024 at 7:40 AM Christian Brauner <brauner@xxxxxxxxxx> wrote: > > For bigger changes it's also worthwhile if the object that's passed down > into the hook-based LSM layer is as specific as possible. If someone > does a change that affects lifetime rules of mounts then any hook that > takes a struct path argument that's unused means going through each LSM > that implements the hook only to find out it's not actually used. > Similar for dentry vs inode imho. For bigger changes please always ensure that the LSM list, and any related LSM implementation lists, are on the To/CC line. While we appreciate Christian's input (and Al's, and all the other VFS devs) on VFS matters, there are often other considerations that need to be taken into account when discussing LSM related issues. Generally, "specific as possible" is good input, but it isn't the only thing we need to worry about, and sometimes other requirements mean that it isn't the best choice. Just as we want the VFS devs involved in discussions about VFS related LSM hooks (these new IMA/EVM-related LSM hooks were sent to, and reviewed by the VFS folks), I would hope the VFS devs would want to include the LSM devs on any LSM related issues and would try to avoid speaking on behalf of the LSM devs and maintainers. -- paul-moore.com
