[RFC PATCH 20/29] smack: move initcalls to the LSM framework
Paul Moore
paul at paul-moore.com
Fri Apr 11 20:09:24 UTC 2025
On Thu, Apr 10, 2025 at 1:30 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> On 4/9/2025 11:50 AM, Paul Moore wrote:
> > As the LSM framework only supports one LSM initcall callback for each
> > initcall type, the init_smk_fs() and smack_nf_ip_init() functions were
> > wrapped with a new function, smack_initcall() that is registered with
> > the LSM framework.
> >
> > Signed-off-by: Paul Moore <paul at paul-moore.com>
> > ---
> > security/smack/smack.h | 6 ++++++
> > security/smack/smack_lsm.c | 16 ++++++++++++++++
> > security/smack/smack_netfilter.c | 4 +---
> > security/smack/smackfs.c | 4 +---
> > 4 files changed, 24 insertions(+), 6 deletions(-)
> >
> > diff --git a/security/smack/smack.h b/security/smack/smack.h
> > index bf6a6ed3946c..709e0d6cd5e1 100644
> > --- a/security/smack/smack.h
> > +++ b/security/smack/smack.h
> > @@ -275,6 +275,12 @@ struct smk_audit_info {
> > #endif
> > };
> >
> > +/*
> > + * Initialization
> > + */
> > +int init_smk_fs(void);
> > +int smack_nf_ip_init(void);
> > +
> > /*
> > * These functions are in smack_access.c
> > */
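Review bot: The new "Initialization" comment over the init_smk_fs() and smack_nf_ip_init() prototypes does not say where the functions are defined, while the block immediately after it reads "These functions are in smack_access.c". The diffstat touches smackfs.c and smack_netfilter.c, so naming the defining files in this comment would keep the header consistent. If either definition is compiled only under a config option, the prototype also needs a matching #ifdef with a stub that returns 0, because smack_initcall() calls both unconditionally.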
> > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> > index e09b33fed5f0..80b129a0c92c 100644
> > --- a/security/smack/smack_lsm.c
> > +++ b/security/smack/smack_lsm.c
> > @@ -5277,6 +5277,21 @@ static __init int smack_init(void)
> > return 0;
> > }
> >
> > +static int smack_initcall(void)
> > +{
> > + int rc, rc_tmp;
>
> separate lines for the declarations please.
Done.
> > + rc_tmp = init_smk_fs();
> > + if (rc_tmp)
> > + rc = rc_tmp;
>
> Replace these three lines with:
>
> + rc = init_smk_fs();
Done.
> > +
> > + rc_tmp = smack_nf_ip_init();
> > + if (!rc && rc_tmp)
> > + rc = rc_tmp;
>
> Change this to
>
> + rc_tmp = smack_nf_ip_init();
> + return rc ? rc : rc_tmp;
>
> Also change rc_tmp to rc_nf and rc to rc_fs.
Done and done.
> > +
> > + return rc;
> > +}
> > +
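Review bot: rc is read uninitialized in smack_initcall() whenever init_smk_fs() returns 0. It is declared without an initializer in "int rc, rc_tmp;" and assigned only inside "if (rc_tmp)", yet both "if (!rc && rc_tmp)" and "return rc;" use it, so a successful init_smk_fs() leaves the return value undefined and can mask a failure from smack_nf_ip_init(). Assign the first result directly (rc = init_smk_fs();) or initialize rc to 0. The function also lacks the __init annotation that smack_init() carries in the hunk header; if it only ever runs as an initcall it can be marked __init too.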
>
> Or:
>
> static int smack_initcall(void)
> {
> int rc_fs = init_smk_fs();
> int rc_nf = smack_nf_ip_init();
>
> return rc_fs ? rc_fs : rc:nf;
> }
Done (with the typo fix you mentioned later).
Thanks for taking a look.
--
paul-moore.com