[RFC PATCH 0/29] Rework the LSM initialization

Kees Cook kees at kernel.org
Thu Apr 10 16:31:10 UTC 2025


On Thu, Apr 10, 2025 at 07:13:11AM -0700, Casey Schaufler wrote:
> On 4/9/2025 11:49 AM, Paul Moore wrote:
> > This is one of those patchsets that started out small and then quickly
> > expanded to what you see here.  I will warn you that some of the
> > individual patches are a bit ugly to look at, but I believe the end
> > result is much cleaner than what we have now, fixes some odd/undesirable
> > behavior on boot, and enables some new functionality.
> >
> > The most obvious changes are the extraction of the LSM notifier and
> > initialization code out of security/security.c and into their own files,
> > security/lsm_notifier.c and security/lsm_init.c.  While not strictly
> > necessary, I think we can all agree that security/security.c has grown
> > to be a bit of a mess, and these are two bits of functionality which
> > can be extracted out into their own files without too much fuss.  I
> > personally find this to be a nice quality-of-life improvement, and while
> > I'm open to keeping everything in security.c, the argument for doing so
> > is going to need to be *very* persuasive.
> 
> It's something I've considered doing as part of the stacking work,
> but that I have eschewed in the spirit of churn reduction. I've no
> problem with it.

Yeah, to be clear, I'm a fan of these refactorings. :)

> There's a lot of churn here due to unnecessary name changes. I can't
> say they're unjustified, but the patch set is bigger than it needs to
> be, and more disruptive.

If renamings are desired, sure, let's do it, but I'd love to see them
very distinctly separated from logical changes.

-- 
Kees Cook


