On Fri, Oct 10, 2025 at 6:27 AM Maxime Bélair <[email protected]> wrote: [...] > --- a/security/lsm_syscalls.c > +++ b/security/lsm_syscalls.c > @@ -118,3 +118,15 @@ SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, u32 > __user *, size, > > return lsm_active_cnt; > } > + > +SYSCALL_DEFINE6(lsm_config_self_policy, u32, lsm_id, u32, op, void __user *, > + buf, u32 __user, size, u32, common_flags, u32, flags) > +{ > + return 0; > +} > + > +SYSCALL_DEFINE6(lsm_config_system_policy, u32, lsm_id, u32, op, void __user > *, > + buf, u32 __user, size, u32, common_flags, u32, flags) > +{ > + return 0; > +}
These two APIs look the same. Why not just keep one API and use one bit in the flag to differentiate "self" vs. "system"? Thanks, Song
