On 12/31/2021 5:08 AM, Denis Obrezkov wrote:

Hello,

I am trying to understand how smack works (looking at
smack_inode_permission hook). I can see that that smack security
information is taken from  cred->security and inode->i_security but how
did they get in there?

The LSM infrastructure (security/security.c) allocates cred and inode
security blobs. This allows multiple security modules to use them.

  Also, when does it happen? (for a task and for a
file)

security_cred_alloc() and security_inode_alloc().

I am the Smack maintainer. Feel free to ask anything you'd
like here and to me directly.