Thread: 17 messages, 6 authors, 2019-08-12

Re: [Non-DoD Source] Re: [PATCH] fanotify, inotify, dnotify, security: add security hook for fs notifications

From: Amir Goldstein <amir73il@gmail.com>
Date: 2019-08-09 16:30:16
Also in: linux-fsdevel, lkml, selinux

...
> First a suggestion, take it or leave it.
> The name of the hook _notify() seems misleading to me.
> Naming the hook security_path_watch() seems much more
> appropriate and matching the name of the constants FILE__WATCH
> used by selinux.

> I guess I'm not too bothered by either name, Aaron?  FWIW, if I was
> writing this hook, I would probably name it
> security_fsnotify_path(...).

Or even just security_fsnotify()

> While I'm not necessarily attached to the name, I feel as though
> "misleading" is too strong a word here.

Agree. It is not misleading, but I should note that you yourself
named the security class "watch", so why the inconsistency?

> Notify seems to be an
> appropriate enough term to me as every call to the hook, and thus all
> the logic to which the hook adds security, lives in the notify/ subtree.

Well, if nobody cares about the name, it's fine by me.

I wanted to point your attention to this proposal by David Howells:
https://lore.kernel.org/linux-fsdevel/155991706847.15579.4702772917586301113.stgit@warthog.procyon.org.uk/

His proposal adds new types of watches, for keyring changes,
mount changes, etc and he proposed security hooks for setting
new watches named "watch_XXX" and for posting notifications
called "post_notification". The latter was later rejected by
Stephen Smalley:
https://lore.kernel.org/linux-fsdevel/cd657aab-e11c-c0b1-2e36-dd796ca75b75@tycho.nsa.gov/
https://lore.kernel.org/linux-fsdevel/541e5cb3-142b-fe87-dff6-260b46d34f2d@tycho.nsa.gov/

Just to have a perspective why the hook name "notify_path" may end up
being a bit ambiguous down the road.

Thanks,
Amir.