On 6/18/2019 10:21 PM, Kees Cook wrote:
> On Tue, Jun 18, 2019 at 04:05:26PM -0700, Casey Schaufler wrote:
>> Patches 0004-0014 replace system use of a "secid" with
>> a structure "lsmblob" containing information from the
>> security modules to be held and reused later. At this
>> point lsmblob contains an array of u32 secids, one "slot"
>> for each of the security modules compiled into the
>> kernel that used secids. A "slot" is allocated when
>> a security module registers a hook for one of the interfaces
>> that uses a secid or a security context. The infrastructure
>> is changed to use the slot number to pass the correct
>> secid to or from the security module hooks.
> I found 14/25 in your git tree. Very satisfying to see all the
> scaffolding vanish for process_measurement() :)
>
> I like this progression in 4-14; I find it much much easier to review.
> My only complaint is the variable names. I think I'd prefer "blob" over
> "le" or "l", which both contain very little information about what
> they are.

I know what they are! OK, I get it. Using "blob" would make it more
obvious. It's a relatively easy change, so I'll incorporate it going forward.
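The slot scheme described in the quoted cover letter, as an added user-space model that is not part of the thread or the patch series: a module gets a slot in the `lsmblob` only when it registers a secid-using hook, and the infrastructure uses that slot number to route each module's secid. Apart from `lsmblob` and its array of u32 secids, every name here (`MODEL_SLOTS`, `lsm_model`, `register_secid_hook`, `model_getsecid`, the two sample modules) is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_SLOTS 3   /* assumed: number of compiled-in modules that use secids */
#define NO_SLOT (-1)

struct lsmblob { uint32_t secid[MODEL_SLOTS]; };   /* one secid per slot */

struct lsm_model {                   /* hypothetical stand-in for a security module */
    const char *name;
    int slot;                        /* NO_SLOT until a secid hook is registered */
    uint32_t (*getsecid)(int pid);   /* hook returning this module's secid */
};

static int next_slot;

/* A slot is allocated the first time a module registers a secid-using hook. */
static int register_secid_hook(struct lsm_model *m, uint32_t (*hook)(int))
{
    if (m->slot == NO_SLOT) {
        if (next_slot >= MODEL_SLOTS)
            return -1;               /* more registrants than slots */
        m->slot = next_slot++;
    }
    m->getsecid = hook;
    return m->slot;
}

/* Infrastructure side: each module's secid lands in that module's own slot. */
static void model_getsecid(struct lsm_model *mods, int n, int pid, struct lsmblob *blob)
{
    *blob = (struct lsmblob){ {0} };
    for (int i = 0; i < n; i++)
        if (mods[i].slot != NO_SLOT && mods[i].getsecid)
            blob->secid[mods[i].slot] = mods[i].getsecid(pid);
}

static uint32_t mod_a_secid(int pid) { return 1000u + (uint32_t)pid; }  /* constructed */
static uint32_t mod_b_secid(int pid) { return 2000u + (uint32_t)pid; }  /* constructed */

int main(void)
{
    struct lsm_model mods[] = { {"mod_a", NO_SLOT, NULL}, {"no_secid", NO_SLOT, NULL},
                                {"mod_b", NO_SLOT, NULL} };
    struct lsmblob blob;
    register_secid_hook(&mods[0], mod_a_secid);
    register_secid_hook(&mods[2], mod_b_secid);
    model_getsecid(mods, 3, 7, &blob);
    printf("slot0=%u slot1=%u slot2=%u\n", blob.secid[0], blob.secid[1], blob.secid[2]);
    return 0;
}
```

The module that never registers a secid hook consumes no slot, so its absence cannot shift or overwrite another module's entry in the blob.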