[RFC PATCH 08/29] lsm: get rid of the lsm_names list and do some cleanup

Paul Moore paul at paul-moore.com
Fri Apr 11 03:14:08 UTC 2025


On Thu, Apr 10, 2025 at 10:15 PM Kees Cook <kees at kernel.org> wrote:
> On Thu, Apr 10, 2025 at 06:47:12PM -0400, Paul Moore wrote:
> > On Wed, Apr 9, 2025 at 7:13 PM Kees Cook <kees at kernel.org> wrote:
> > > Better yet, do this whole thing in an initcall after LSMs are loaded, and
> > > both can gain __ro_after_init...
> >
> > I *really* disliked all the stuff we were having to do during boot,
> > and all the redundant global state we were keeping around.  I'll go
> > ahead and cache the lsm_read() result local to the function but that's
> > probably all I'm going to accept at this point in time.
>
> Oh, for sure. I love that all that can get thrown away. I mean literally
> copy/paste what you have in lsm_read() and stick it immediately before
> the "lsms are done loading" notifier. Then it only needs to be done
> once, it's impossible to race, etc.

Maybe I'll change my mind at some point, but right now I'm feeling
pretty strongly against generating the list string at boot.  I've
added a basic cache protected by a dumb spinlock in lsm_read which
should work.

-- 
paul-moore.com


