On Thu, Nov 05, 2020 at 01:33:21PM -0800, Lokesh Gidra wrote: > This change adds a new LSM hook, inode_init_security_anon(), that > will be used while creating secure anonymous inodes. Will be used to do what? To assign a security context to the inode and to allow/deny creating it, right? > > The new hook accepts an optional context_inode parameter that > callers can use to provide additional contextual information to > security modules for granting/denying permission to create an anon- > inode of the same type. It looks like the hook also uses the context_inode parameter to assign a security context to the inode. Is that correct? It looks like that's what the code does, so if you could get the commit messages in sync, that would be helpful. I'm actually still not completely sure I'm understanding the intent here, given that different places say different things. - Eric