> > > > > We need to make sure that ima_post_path_mknod() has the same parameters
> > > > > as the LSM hook at the time we register it to the LSM infrastructure.
> > > >
> > > > I'm trying to understand why the pre hook parameters and the missing
> > > > IMA parameter are used, as opposed to just defining the new
> > > > post_path_mknod hook like IMA.
> > >
> > > As an empirical rule, I pass the same parameters as the corresponding
> > > pre hook (plus idmap, in this case). This is similar to the
> > > inode_setxattr hook. But I can be wrong, if desired I can reduce.
> >
> > The inode_setxattr hook change example is legitimate, as EVM includes
> > idmap, while IMA doesn't.
> >
> > Unless there is a good reason for the additional parameters, I'm not
> > sure that adding them makes sense. Not modifying the parameter list
> > will reduce the size of this patch set.
>
> The hook is going to be used by any LSM. Without knowing all the
> possible use cases, maybe it is better to include more information now,
> than modifying the hook and respective implementations later.
>
> (again, no problem to reduce)

Unless there is a known use case for a specific parameter, please minimize
them. Additional parameters can be added later as needed.

--
thanks,

Mimi