On Mon, Dec 17, 2018 at 10:00:07PM -0500, Mimi Zohar wrote:
> Could you expand on commit 5b2ea6199614 ("selinux: switch away from
> match_token()") patch description. All that it says is "It's not a
> good fit, unfortunately, and the next step will make it even less so.
> Open-code what we need here." And there's even less for the
> equivalent Smack patch, which just says "same issue as with
> selinux...".
match_token() would require messing around with strsep() or something
equivalent. It's not a regex; foo=%s has no idea that comma is in any
way special, etc.
As for the next commit... Killing the Cthulhu-awful mess in
selinux_sb_eat_lsm_opts() (allocating two temproraries, concatenating
(comma-separated) non-LSM options into one, concatenating (pipe-separated)
dequoted LSM options into another, then splitting that another by '|'
instances and figuring out which option each piece is, etc.)
is a Good Thing(tm). And having to dance around the needs of
match_token() adds extra headache, for no good reason.
