On Tue, Jun 04, 2019 at 09:45:14AM -0700, Sean Christopherson wrote:
> Heh, yeah, it's not duplicating LSM functionality. What I was trying to
> say is that this patch allows LSMs to implement policies that are
> equivalent to their existing functionality, e.g. paves the way to add
> security_enclave_load() as an equivalent to security_file_mprotect().

I would suggest describing explicitly in the commit message what you
want to do, which you said here e.g. "I do this because I want to add
LSM hooks". This is also relevant information for the LKM discussion.

Let's see what the next version looks like now that you have some
feedback. In the whole scope of the patch set, in order to make it more
readable, I'll give the following suggestions on how it is organized:

1. Leave out anything that is not strictly necessary (cosmetic fix,
   batch operation if possible). Better to focus on one thing at a time.
2. Try to organize it so that each function is fully defined in the
   scope of one patch even if it would mean larger patches.
3. Do not add one call site helpers unless there is a good reason to
   do so. A good reason would be something like needing to do extensive
   work in error rollback, which would make the caller a mess.

/Jarkko