[PATCH v2] Moved module init-functions into the module.

Kees Cook keescook at chromium.org
Thu Jun 22 16:56:10 UTC 2017


On Thu, Jun 22, 2017 at 9:54 AM, Casey Schaufler <casey at schaufler-ca.com> wrote:
> On 6/22/2017 1:45 AM, Steve Kemp wrote:
>> This commit moves the call to initialize the LSM modules inline
>> into the LSM-files themselves.
>>
>> This removes the need to hunt around for the setup, which was
>> something that bit me when I wrote my own (unrelated) LSM.
>>
>> Keeping LSM code in one place, including the setup of the
>> hooks seems like a sane choice.
>
> The module initialization code belongs in the module.
> The LSM infrastructure should have an absolute minimum
> of module specific information. I would rather see the
> "minor" modules (yama, loadpin) changed to use the module
> registration scheme used by the "major" modules, but that
> will require a mechanism to ensure module ordering, and
> we don't have that yet. No, don't do this.

Yeah, I agree: initialization order is important here and I don't want
to depend on the Makefile for this.

-Kees

-- 
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list