This series adds recursive policy validation, allowing you to specify complex policies involving nested attributes, both * attributes that directly contain new nested attributes (NLA_NESTED) * attributes that have nested attributes used as an array, where the type of each inner attribute is irrelevant/ignored but each of them yet again contains nested attributes that should conform to a given policy (the new NLA_NESTED_ARRAY) This is useful for a more compact representation of the policy for the attributes, which - among other benefits - makes it more easily seen when reading the code, requiring reading just the policy instead of digging into all the usage/nested validation code. In terms of code benefits, it means possibly some validation code can be removed. One thing to be aware of: retrofitting this to existing policies may in fact break userspace - it might have been sending broken but ignored attributes, which global enforcement of the (nested) policy would now prevent. johannes
