On Thu, Apr 10, 2025 at 06:53:15AM -0700, Ackerley Tng wrote: > > So why do other alloc_anon_inode callers not need > > security_inode_init_security_anon? > > Thanks for this tip! > > When I did this refactoring, I was just refactoring > anon_inode_create_getfile(), to set up the guest_memfd inode and file in > separate stages, and anon_inode_create_getfile() was already using > security_inode_init_security_anon(). > > In the next revision I can remove this call. > > Is it too late to remove the call to security_inode_init_security_anon() > though? IIUC it is used by LSMs, which means security modules may > already be assuming this call? I'd really like to here from the security folks if we need it or not, both in this case and for other alloc_anon_inode callers.
