On Wed, May 31, 2023 at 10:00 AM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 5/31/2023 4:05 AM, GONG, Ruiqi wrote:
> > As the security infrastructure has taken over the management of multiple
> > *_security blobs that are accessed by multiple security modules, and
> > sk->sk_security shares the same situation, move its management out of
> > individual security modules and into the security infrastructure as
> > well. The infrastructure does the memory allocation, and each relevant
> > module uses its own share.
>
> Do you have a reason to make this change? The LSM infrastructure
> manages other security blobs to enable multiple concurrently active
> LSMs to use the blob. If only one LSM on a system can use the
> socket blob there's no reason to move the management.

I think an argument could be made for consistent handling of security
blobs, but with the LSM stacking work in development the argument for
merging this patch needs to be a lot stronger than just "consistency".

--
paul-moore.com