Subject: Re: verified exec per page fingerprints
To: Eric Haszlakiewicz <erh@jodi.nimenees.com>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 11/14/2005 21:03:17

Eric Haszlakiewicz wrote:

> 	I would have thought that something like this would be a mountpoint
> option instead of a per-file thing.  
> e.g. in veriexec_verify():
> 	if (vp->v_mount->mnt_flag & MNT_UNTRUSTED ||
> 	    do_something_extra_for_unionfs_or_nullfs_or_...)
> 		vhe->type |= VERIEXEC_UNTRUSTED;

I don't like the idea of adding a mount flag that is conditional. We can
achieve the same without doing it (i.e., storing the flag in the table
for the mount and not the mount itself); this is really cosmetics...

-e.

-- 
Elad Efrat