On Tue, 15 Mar 2016, Seth Forshee wrote: > On Tue, Mar 15, 2016 at 03:09:00PM +0300, Pavel Tikhomirov wrote: > > If in_userns returns false mnt_may_suid also returns false, and we > > will reach second(removed) if-check only in case it does not trigger, > > so remove it. > > We had a somewhat lengthy discussion previously where one of the > conclusions was that we'd have that check in both places even though > it's redundant. Iirc the reason was that though they're doing the same > test they're doing so to answer different questions, so we should have > the test in both places (or something along those lines). A comment in the code might be useful here. -- James Morris <jmorris@xxxxxxxxx> _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
