[PATCH security-next v5 12/30] LSM: Provide separate ordered initialization

Kees Cook keescook at chromium.org
Fri Nov 2 20:49:09 UTC 2018


On Fri, Nov 2, 2018 at 11:13 AM, Mimi Zohar <zohar at linux.ibm.com> wrote:
> I don't recall why "integrity" is on the security_initcall, while both
> IMA and EVM are on the late_initcall().

It's because integrity needs to have a VFS buffer allocated extremely
early, so it used the security init to do it. While it's not an LSM,
it does use this part of LSM infrastructure. I didn't see an obvious
alternative at the time, but now that I think about it, maybe just a
simple postcore_initcall() would work?

-Kees

-- 
Kees Cook


