On Fri, May 31, 2019 at 04:09:47PM -0700, Casey Schaufler wrote:
> +++ b/security/integrity/ima/ima_api.c > @@ -159,7 +159,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, > * ima_get_action - appraise & measure decision based on policy. > * @inode: pointer to inode to measure > * @cred: pointer to credentials structure to validate > - * @secid: secid of the task being validated > + * @l: LAM data of the task being validated > * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, > * MAY_APPEND) > * @func: caller identifier

Calling this "l" just hurts me. Why shouldn't it still be secid?

Also typo: LAM -> LSM.

--
Kees Cook
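Review bot: The new kernel-doc line "+ * @l: LAM data of the task being validated" in the ima_get_action comment documents the parameter less clearly than the "@secid" line it replaces. The single-letter name says nothing about what the argument carries and is easy to misread as the digit 1. "LAM" is not defined anywhere in the visible lines and reads as a slip for "LSM". The hunk shows only the comment, not the prototype, so whichever name is chosen, the @-tag has to match the parameter name in the ima_get_action signature or kernel-doc will warn about an undocumented parameter. A descriptive name, with the description stating what kind of data it holds and which task it belongs to, would keep the comment usable for callers deciding what to pass into this appraise/measure decision.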