From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mimi Zohar
Subject: Re: [PATCH 0/2] ima: policy search speedup
Date: Tue, 11 Dec 2012 14:48:40 -0500
Message-ID: <1355255320.2356.148.camel@falcor>
References: <1355234914.2356.85.camel@falcor> <1355249884.2356.108.camel@falcor> <1355252392.2356.131.camel@falcor>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: Eric Paris, "Kasatkin, Dmitry", Al Viro, linux-fsdevel, LSM List, Linux Kernel Mailing List, James Morris
To: Linus Torvalds
Return-path:
In-Reply-To:
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Tue, 2012-12-11 at 11:10 -0800, Linus Torvalds wrote:
> Anyway, the whole "you can do it at file granularity" isn't the bulk
> of my argument (the "we already have the field that makes sense" is).
> But my point is that per-inode is not only the logically more
> straightforward place to do it, it's also the much more flexible place
> to do it. Because it *allows* for things like that.

Ok. To summarize, S_IMA indicates that there is a rule and that the iint
was allocated. To differentiate between 'haven't looked/don't know' and
'definitely not', we need another bit. For this, you're suggesting using
IS_PRIVATE()? Hopefully, I misunderstood.

thanks,

Mimi