On Sat, May 9, 2020 at 1:15 PM Eric W. Biederman <[email protected]> wrote:
>
> I agree something needs to be renamed, to remove confusion.
Yeah, the alternative is to rename the capability version. I don't
care much which way it goes, although I do think it's best to call out
explicitly that the security hook functions get only the "primary"
executable brpm info.
Which is why I'd prefer to just rename all those low-level security
cases. It makes for a slightly bigger patch, but I think it makes for
better readability, and makes it explicit that that hook is literally
just for the primary executable, not for the interpreter or whatever.
Linus
