David Howelという人が、8/15にLinus宛でLKML他を多数ccして、"Adding a security parameter to VFS functions"という記事を投稿している。すぐに「AppArmorの提案とどう違うんだ？」というレスがついたが、どうもDavidはAppArmorの提案は読んでいないようだ（残念）。すると、Andreas Gruenbacherが親切に説明してくれている。

On Wednesday 15 August 2007 18:23, Casey Schaufler wrote:
>> > > Hi Linus, Al,
>> > > 
>> > > Would you object greatly to functions like vfs_mkdir() gaining a security
>> > > parameter?
> > 
> > Could you describe how this compares to the proposal that the
> > AppArmor developers suggested recently? I expect that we can 
> > reduce the amount of discussion required, and maybe avoid some
> > confusion if you could do that.

That's from one of those patches:

-int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
+int vfs_mkdir(struct inode *dir, struct dentry *dentry, struct vfsmount *mnt,
+             int mode)

We need the vfsmount in the LSM hooks in addition to the dentry in order to 
figure out where in the filesystem namespace we are. The various vfs_ 
functions are the ones calling the LSM hooks. (The same could be achieved 
passing a struct path instead.)
-- Andreas

"We need"とあるが、実はAndreasこそが、AppArmorのパッチを投稿している本人だ。だから、彼がこのスレッドに反応するのは当然で、その気持ちはよくわかる。Davidの元のメールにLinus様が返答をつけているが、それがなかなか強烈だ。

On Wed, 15 Aug 2007, David Howells wrote:
> > 
> > Would you object greatly to functions like vfs_mkdir() gaining a security
> > parameter?  What I'm thinking of is this:
> > 
> > 	int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode,
> > 		      struct security *security)

I personally consider this an affront to everythign that is decent.

Why the *hell* would mkdir() be so magical as to need something like that?

Make it something sane, like a "struct nameidata" instead, and make it at 
least try to look like the path creation that is done by "open()".  Or 
create a "struct file *" or something.

I can imagine having "mkdir()" being passed similar data as "open()" (ie 
"lookup()"), but I cannot _possibly_ imagine it ever being valid to pass 
in something totally made-up to just mkdir(), and nothing else. There's 
something fundamentally wrong there.

What makes mkdir() so magical?

Also, what about all the other ops? Why is mkdir() special, but not 
"mknod()"? Why is "mkdir()" special, but not "rmdir()"? Really, none of 
this seems to make any sense unless you describe what is so magical about 
mkdir().

		Linus

Linusはこうしてたまに発言するが、どうもLKMLだけ見ていると気が短いような気がしてならない。それはともかくLinusの強烈な発言に対して、TOMOYO Linuxの提案にもレスをつけてくれているKyle Moffet氏が、"Not speaking directly for David"と言いつつ、一種フォローをいれているが、結局このスレッドはこれ以降進展がなく死んでいる。