Re: [PATCH v3 5/5] kernfs: initialize security of newly created nodes
From: Tejun Heo <tj@kernel.org>
Date: 2019-01-31 14:22:51
Also in: linux-fsdevel, selinux

Hello,

On Thu, Jan 31, 2019 at 11:20:57AM +0100, Ondrej Mosnacek wrote:
> Hm, I see... basically the only thing that gets allocated in kernfs_node_init_security() by default (at least under SELinux/no LSM) is the kernfs_iattrs structures, so I assume you are pointing at that. I think this can be easily fixed, if we again use the assumption

Yeap.

> Technically this might make some LSMs unhappy, if they want to set some non-default context even if parent is all default, but this is already impossible now and in this case I think we have no better choice than sacrificing a bit of flexibility for memory efficiency, which is apparently critical here. Tejun, Casey, would the above modification be fine with you?

Generally looks good but maybe it can check the attr to see whether there actually are things which need inheritance?

Thanks.

--
tejun