After the last round of comments on the LSM stacking patches Dmitry Mastykin <dmastykin@xxxxxxxxxxxxx> pointed out a conundrum with reuse of the security_audit_rule functions in integrity rule processing. The audit system wants to match rules for any security module that as one. The integrity system wants to match rules for a single, explicitly defined LSM. The two sub-systems use common code in security.c which needs to be changed to support multiple LSMs, but needs to be changed differently for each of these cases. While it would be possible to create frankensteinish versions of the security_audit_rule functions that would handle both cases it seems that creating "real" versions of the ima_filter_rule functions would be considerably cleaner and easier to maintain going forward. I'm suggesting this now, while I'm still working on the patches, in case there's a solid reason that frankencode is absolutely everybody's favored approach. I plan to propose the disassociation as a patch separate from and in advance of the stacking series. Thanks all.
