On Wed, May 27, 2026 at 5:17 AM Christian Brauner <[email protected]> wrote: [...] > > 1/7 adds new hooks: > > lsm: Add granular mount hooks to replace security_sb_mount > > 2/7 through 6/7 migrate LSMs from old hooks to new hooks: > > apparmor: Remove redundant MS_MGC_MSK stripping in apparmor_sb_mount > > apparmor: Convert from sb_mount to granular mount hooks > > selinux: Convert from sb_mount to granular mount hooks > > landlock: Convert from sb_mount to granular mount hooks > > tomoyo: Convert from sb_mount to granular mount hooks > > 7/7 removes old hooks: > > lsm: Remove security_sb_mount and security_move_mount > > > > Some ideas to change this: > > My thought had been: > > * Add the new hooks to security/. > * add the individual lsm implementations. > * Now replace the old hooks with the new hooks in fs/namespace.c > * Delete the old hooks in security/ > > IOW, why the migration step? It is a full replacement anyway.
I think having a migration like this doesn't really make review more difficult. But I am OK refactoring the patches as requested. Paul, do you have a strong preference either way? Thanks, Song
