On Thu, 2023-10-12 at 13:10 -0400, Mimi Zohar wrote:
> > > > > > We need to make sure that ima_post_path_mknod() has the
> > > > > > same parameters as the LSM hook at the time we register
> > > > > > it to the LSM infrastructure.
> > > > >
> > > > > I'm trying to understand why the pre hook parameters and the
> > > > > missing IMA parameter are used, as opposed to just defining
> > > > > the new post_path_mknod hook like IMA.
> > > >
> > > > As an empirical rule, I pass the same parameters as the
> > > > corresponding pre hook (plus idmap, in this case). This is
> > > > similar to the inode_setxattr hook. But I can be wrong, if
> > > > desired I can reduce.
> > >
> > > The inode_setxattr hook change example is legitimate, as EVM
> > > includes idmap, while IMA doesn't.
> > >
> > > Unless there is a good reason for the additional parameters, I'm
> > > not sure that adding them makes sense. Not modifying the
> > > parameter list will reduce the size of this patch set.
> >
> > The hook is going to be used by any LSM. Without knowing all the
> > possible use cases, maybe it is better to include more information
> > now, than modifying the hook and respective implementations later.
> >
> > (again, no problem to reduce)
>
> Unless there is a known use case for a specific parameter, please
> minimize them. Additional parameters can be added later as needed.

Ok. I did the same for inode_post_create_tmpfile.

Thanks

Roberto