[RFC PATCH v2 26/34] smack: move initcalls to the LSM framework
Paul Moore
paul at paul-moore.com
Mon Jul 28 22:34:00 UTC 2025
On Mon, Jul 28, 2025 at 5:46 AM Roberto Sassu
<roberto.sassu at huaweicloud.com> wrote:
> On Mon, 2025-07-21 at 19:21 -0400, Paul Moore wrote:
> > As the LSM framework only supports one LSM initcall callback for each
> > initcall type, the init_smk_fs() and smack_nf_ip_init() functions were
> > wrapped with a new function, smack_initcall() that is registered with
> > the LSM framework.
> >
> > Signed-off-by: Paul Moore <paul at paul-moore.com>
> > ---
> > security/smack/smack.h | 7 +++++++
> > security/smack/smack_lsm.c | 9 +++++++++
> > security/smack/smack_netfilter.c | 4 +---
> > security/smack/smackfs.c | 4 +---
> > 4 files changed, 18 insertions(+), 6 deletions(-)
> >
> > diff --git a/security/smack/smack.h b/security/smack/smack.h
> > index bf6a6ed3946c..885a2f2929fd 100644
> > --- a/security/smack/smack.h
> > +++ b/security/smack/smack.h
> > @@ -275,6 +275,13 @@ struct smk_audit_info {
> > #endif
> > };
> >
> > +/*
> > + * Initialization
> > + */
> > +int init_smk_fs(void);
> > +int smack_nf_ip_init(void);
>
> I made the following changes (due to not having
> CONFIG_SECURITY_SMACK_NETFILTER) ...
Nice catch, thanks Roberto!
I made a slight change to use the defined(SMACK_NETFILTER) macro as
done elsewhere in the Smack code, but otherwise it looks good to me.
Casey, are you okay with this?
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 885a2f2929fd..3662d61bb32e 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -278,8 +278,15 @@ struct smk_audit_info {
/*
* Initialization
*/
-int init_smk_fs(void);
+#if defined(CONFIG_SECURITY_SMACK_NETFILTER)
int smack_nf_ip_init(void);
+#else
+static inline int smack_nf_ip_init(void);
+{
+ return 0;
+}
+#endif
+int init_smk_fs(void);
int smack_initcall(void);
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list