> -----Original Message-----
> From: Tim Chen [mailto:[email protected]]
> Sent: Tuesday, October 30, 2018 2:31 PM
> To: Schaufler, Casey <[email protected]>; Jiri Kosina
> <[email protected]>; Thomas Gleixner <[email protected]>
> Cc: Tom Lendacky <[email protected]>; Ingo Molnar
> <[email protected]>; Peter Zijlstra <[email protected]>; Josh Poimboeuf
> <[email protected]>; Andrea Arcangeli <[email protected]>; David
> Woodhouse <[email protected]>; Andi Kleen <[email protected]>;
> Hansen, Dave <[email protected]>; Mallick, Asit K
> <[email protected]>; Arjan van de Ven <[email protected]>; Jon
> Masters <[email protected]>; Waiman Long <[email protected]>;
> [email protected]; [email protected]; linux-security-module <linux-
> [email protected]>
> Subject: Re: [Patch v4 13/18] security: Update security level of a process
> when
> modifying its dumpability
>
> On 10/30/2018 01:57 PM, Schaufler, Casey wrote:
>
> >
> > This isn't an LSM hook and hence does not belong in this file.
> > arch_set_security() isn't descriptive, and is in fact a bad choice
> > as task_struct has a field "security". This function has nothing
> > to do with the task->security field, which is what I would expect
> > based on the name.
> >
>
> What file will be a logical place for this function?

kernel/cpu.c ? You're working with CPU localized mitigations, right?
You don't want it under security/ as that's all supposed to be bits
of the LSM infrastructure.

> >> +
> >> +int update_process_security(struct task_struct *task)
> >
> > Again, this isn't an LSM hook and does not belong in this file.
> > Also again, "security" isn't descriptive in the name.
> >
>
> Thanks.
>
> Tim
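
Review bot: update_process_security() in the quoted hunk returns int, but the only line above the definition is a blank one, so nothing tells a caller what the value means or whether it can be ignored. Whatever name and file the function ends up with, a kernel-doc comment above it should state the return convention and what the caller is expected to do when the update fails.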

