Casey Schaufler wrote: > On 11/1/2016 5:53 AM, Tetsuo Handa wrote: > > I didn't check past discussion, but how do you handle > > security_delete_hooks() > > case (I mean, "selinux" will remain there when reading > > /sys/kernel/security/lsm > > even after it is disabled at runtime)? > > Paul Moore says that SELinux is going to remove the ability > to delete itself in the near future. Since that's the only > module that allows deletion I don't see that it's an issue.
OK. > > > I think holding module name as one of > > "union security_list_options" members will avoid memory allocation handling > > and simplify things. > > I don't see how that would simplify things, and the memory > allocation handling here is pretty basic. I expected we can use simple_read_from_buffer() from iteration loop, but I found it does not work like I want. So, it did not simplify things.
