On 10/9/2019 7:44 PM, James Morris wrote: > On Wed, 9 Oct 2019, Casey Schaufler wrote: > >> On 10/9/2019 3:14 PM, James Morris wrote: >>> On Wed, 9 Oct 2019, Casey Schaufler wrote: >>> >>>> Please consider making the perf_alloc security blob maintained >>>> by the infrastructure rather than the individual modules. This >>>> will save it having to be changed later. >>> Is anyone planning on using this with full stacking? >>> >>> If not, we don't need the extra code & complexity. Stacking should only >>> cover what's concretely required by in-tree users. >> I don't believe it's any simpler for SELinux to do the allocation >> than for the infrastructure to do it. I don't see anyone's head >> exploding over the existing infrastructure allocation of blobs. >> We're likely to want it at some point, so why not avoid the hassle >> and delay by doing it the "new" way up front? > Because it is not necessary. The logic escapes me, but OK.
