On Sat, Oct 12, 2019 at 12:15:57PM -0700, Daniel Colascione wrote: > A secure anonymous file is one we hooked up to its own inode (as > opposed to the shared inode we use for non-secure anonymous files). A > new selinux hook gives security modules a chance to initialize, label, > and veto the creation of these secure anonymous files. Security > modules had limit ability to interact with non-secure anonymous files > due to all of these files sharing a single inode.
Again please add Al. Also explain what the problem would be to always use a separate inode.
