On 10/10/2025 11:06 AM, Song Liu wrote: > On Fri, Oct 10, 2025 at 6:27 AM Maxime Bélair > <[email protected]> wrote: > [...] >> --- a/security/lsm_syscalls.c >> +++ b/security/lsm_syscalls.c >> @@ -118,3 +118,15 @@ SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, >> u32 __user *, size, >> >> return lsm_active_cnt; >> } >> + >> +SYSCALL_DEFINE6(lsm_config_self_policy, u32, lsm_id, u32, op, void __user *, >> + buf, u32 __user, size, u32, common_flags, u32, flags) >> +{ >> + return 0; >> +} >> + >> +SYSCALL_DEFINE6(lsm_config_system_policy, u32, lsm_id, u32, op, void __user >> *, >> + buf, u32 __user, size, u32, common_flags, u32, flags) >> +{ >> + return 0; >> +} > These two APIs look the same. Why not just keep one API and use > one bit in the flag to differentiate "self" vs. "system"?
I think that's a valid point. > > Thanks, > Song >
