On Mon, Oct 27, 2025 at 8:46 PM Al Viro <[email protected]> wrote: > > Don't bother to store the dentry of /policy_capabilities - it belongs > to invariant part of tree and we only use it to populate that directory, > so there's no reason to keep it around afterwards. > > Same situation as with /avc, /ss, etc. There are two directories that > get replaced on policy load - /class and /booleans. These we need to > stash (and update the pointers on policy reload); /policy_capabilities > is not in the same boat. > > Signed-off-by: Al Viro <[email protected]> > --- > security/selinux/selinuxfs.c | 21 +++++++++------------ > 1 file changed, 9 insertions(+), 12 deletions(-)
Acked-by: Paul Moore <[email protected]> -- paul-moore.com
