From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754654Ab2LKTsz (ORCPT ); Tue, 11 Dec 2012 14:48:55 -0500 Received: from e37.co.us.ibm.com ([32.97.110.158]:34320 "EHLO e37.co.us.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753056Ab2LKTsy (ORCPT ); Tue, 11 Dec 2012 14:48:54 -0500 Message-ID: <1355255320.2356.148.camel@falcor> Subject: Re: [PATCH 0/2] ima: policy search speedup From: Mimi Zohar To: Linus Torvalds Cc: Eric Paris , "Kasatkin, Dmitry" , Al Viro , linux-fsdevel , LSM List , Linux Kernel Mailing List , James Morris Date: Tue, 11 Dec 2012 14:48:40 -0500 In-Reply-To: References: <1355234914.2356.85.camel@falcor> <1355249884.2356.108.camel@falcor> <1355252392.2356.131.camel@falcor> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.2.3 (3.2.3-3.fc16) Content-Transfer-Encoding: 7bit Mime-Version: 1.0 X-Content-Scanned: Fidelis XPS MAILER x-cbid: 12121119-7408-0000-0000-00000AF1135D Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2012-12-11 at 11:10 -0800, Linus Torvalds wrote: > Anyway, the whole "you can do it at file granularity" isn't the bulk > of my argument (the "we already have the field that makes sense" is). > But my point is that per-inode is not only the logically more > straightforward place to do it, it's also the much more flexible place > to do it. Because it *allows* for things like that. Ok. To summarize, S_IMA indicates that there is a rule and that the iint was allocated. To differentiate between 'haven't looked/don't know' and 'definitely not', we need another bit. For this, you're suggesting using IS_PRIVATE()? Hopefully, I misunderstood. thanks, Mimi