On Wed, Aug 26, 2020 at 9:02 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote:
> Generally the core SELinux permission checking code assumes it can be
> called from any context (including hardirq) and under any locking
> conditions, and hooks that are for permission checking (not security
> blob allocation/management) do the same. This allows permission
> checks to be performed while locks are held by the caller. and from
> arbitrary contexts I'd be inclined to just leave selinux_lockdown
> unchanged given that it might be called anywhere much like capable().

Agreed. The code paths relating to policy load, etc. are good candidates for an ATOMIC->KERNEL conversion, assuming no other constraints, but I'm somewhat nervous of converting stuff in hook.c that doesn't have a hard sleep-ability defined.

The other question about this patchset is motivation: were you seeing problem reports relating to SELinux memory failures when the system was under pressure, or is this preemptive?

--
paul moore
www.paul-moore.com