On Tue, Jun 18, 2019 at 04:05:26PM -0700, Casey Schaufler wrote:
> Patches 0004-0014 replace system use of a "secid" with
> a structure "lsmblob" containing information from the
> security modules to be held and reused later. At this
> point lsmblob contains an array of u32 secids, one "slot"
> for each of the security modules compiled into the
> kernel that used secids. A "slot" is allocated when
> a security module registers a hook for one of the interfaces
> that uses a secid or a security context. The infrastructure
> is changed to use the slot number to pass the correct
> secid to or from the security module hooks.

I found 14/25 in your git tree. Very satisfying to see all the
scaffolding vanish for process_measurement() :)

I like this progression in 4-14; I find it much much easier to review.
My only complaint is the variable names. I think I'd prefer "blob" over
"le" or "l", which both contain very little information about what
they are.

--
Kees Cook