On Tue, 2022-08-23 at 16:12 +0800, Guozihua (Scott) wrote: > > The question is whether we're waiting for the SELinux policy to change > > from ESTALE or whether it is the number of SELinux based IMA policy > > rules or some combination of the two. Retrying three times seems to be > > random. If SELinux waited for ESTALE to change, then it would only be > > dependent on the time it took to update the SELinux based IMA policy > > rules. > > We are waiting for ima_lsm_update_rules() to finish re-initializing all > the LSM based rules. Fine. Hopefully retrying a maximum of 3 times is sufficient. -- thanks, Mimi
