On 1/27/22 11:53, Mimi Zohar wrote:
On Tue, 2022-01-25 at 17:46 -0500, Stefan Berger wrote:
From: Stefan Berger <stefanb@xxxxxxxxxxxxx>
Enable multiple instances of securityfs by keying each instance with a
pointer to the user namespace it belongs to.
Since we do not need the pinning of the filesystem for the virtualization
case, limit the usage of simple_pin_fs() and simpe_release_fs() to the
case when the init_user_ns is active. This simplifies the cleanup for the
virtualization case where usage of securityfs_remove() to free dentries
is not needed anymore.
Could you add a sentence here explaining why securityfs_remove() isn't
needed in the virtualization case?
At this point the reason is that simple_pin_fs() is not used for the
virtualization case.
Maybe it should say: ... to free dentries is *therefore* not needed anymore.
Stefan
