On 6/1/2019 7:06 PM, Kees Cook wrote:
> On Fri, May 31, 2019 at 04:09:47PM -0700, Casey Schaufler wrote:
>> +++ b/security/integrity/ima/ima_api.c
>> @@ -159,7 +159,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
>> * ima_get_action - appraise & measure decision based on policy.
>> * @inode: pointer to inode to measure
>> * @cred: pointer to credentials structure to validate
>> - * @secid: secid of the task being validated
>> + * @l: LAM data of the task being validated
>> * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC,
>> * MAY_APPEND)
>> * @func: caller identifier
>
> Calling this "l" just hurts me. Why shouldn't it still be secid?

Changing the type while leaving the name alone, or changed slightly (e.g. secids instead of secid) makes tracking down unchanged uses much harder. How about lsme, or export?

> Also typo: LAM -> LSM.

That too.
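
Review bot: The replacement kernel-doc line for ima_get_action, "@l: LAM data of the task being validated", is less informative than the "@secid" line it removes: "LAM" should read "LSM", and "data" does not say what the parameter holds or what type it is, while the one-letter name "l" is hard to search for and easy to confuse with the digit 1. Suggest a descriptive parameter name and a description that states what replaces the secid, so a reader of the comment can still tell what IMA is given to match the task against policy.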