From: Casey Schaufler <casey@schaufler-ca.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH] tomoyo: Swicth from cred->security to task_struct->security.
Date: Fri, 18 Jan 2019 10:02:51 -0800
Message-ID: <538ebe59-c25a-5eeb-e371-55fb8fd6fc39@schaufler-ca.com>
In-Reply-To: <c1455a86-2444-9e60-23be-a98a77f87fa5@i-love.sakura.ne.jp>

On 1/18/2019 9:17 AM, Tetsuo Handa wrote:
> On 2019/01/19 2:01, Casey Schaufler wrote:
>>> -/**
>>> - * tomoyo_real_domain - Get "struct tomoyo_domain_info" for specified thread.
>>> - *
>>> - * @task: Pointer to "struct task_struct".
>>> + * @task - Pointer to "struct task_struct".
>>>   *
>>>   * Returns pointer to "struct tomoyo_security" for specified thread.
>>>   */
>>> -static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
>>> -							    *task)
>>> +static inline struct tomoyo_security *tomoyo_security(struct task_struct *task)
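
Review bot: The added comment line `+ * @task - Pointer to "struct task_struct".` replaces the colon of the removed `@task:` line with a dash, but kernel-doc documents parameters as `@name: description`; the ` - ` separator belongs on the function summary line, which this hunk removes together with the `/**` opener. Suggest keeping `@task:` and, if the comment is meant to stay kernel-doc, restoring the opener and a summary line for `tomoyo_security()`.
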
>> Could you use tomoyo_task() instead of tomoyo_security()?
> Possible. But tomoyo_task() might be more confusing because it sounds like
> "struct task_struct" when it actually returns "struct task_struct"->security.
>
> Isn't tomoyo_task_security() better if I rename?

To my mind that just adds a _security suffix in a place where
we pretty well know you're doing something about security. I
used the <lsm>_<blob>() convention in part because it was usually
no longer than referencing the blob. smack_cred(cred) isn't
much longer than cred->security, whereas smack_cred_blob()
or smack_cred_security_blob() would be. I admit that I'm
looking at it from the viewpoint of someone who cares more about
how security modules are structured in general than about
how a specific module works.

In the end it's your code, but I hate to see divergence so
soon after I put a bit of order in place. 

>> To the extent that it's been possible I've worked to add
>> consistency in the security modules, and this breaks it.
> Do you want me to rename
>
> /* Structure for "struct task_struct"->security. */
> struct tomoyo_security {
> 	struct tomoyo_domain_info *domain_info;
> 	struct tomoyo_domain_info *old_domain_info;
> };
>
> to "struct tomoyo_task" or "struct tomoyo_task_security" as well?

tomoyo_task would be my choice. Again, isn't appending _security
to things just adding keystrokes?



Thread overview: 9+ messages
2019-01-18 10:18 [PATCH] tomoyo: Swicth from cred->security to task_struct->security Tetsuo Handa
2019-01-18 14:49 ` [PATCH v2] " Tetsuo Handa
2019-01-19 14:11   ` [PATCH v3] " Tetsuo Handa
2019-01-23  9:49     ` Tetsuo Handa
2019-01-23 19:34       ` James Morris
2019-01-23 19:38     ` James Morris
2019-01-18 17:01 ` [PATCH] " Casey Schaufler
2019-01-18 17:17   ` Tetsuo Handa
2019-01-18 18:02     ` Casey Schaufler [this message]