[RFC PATCH v2 26/34] smack: move initcalls to the LSM framework

[Casey Schaufler]

On 7/28/2025 3:34 PM, Paul Moore wrote:
> On Mon, Jul 28, 2025 at 5:46 AM Roberto Sassu
> <roberto.sassu at huaweicloud.com> wrote:
>> On Mon, 2025-07-21 at 19:21 -0400, Paul Moore wrote:
>>> As the LSM framework only supports one LSM initcall callback for each
>>> initcall type, the init_smk_fs() and smack_nf_ip_init() functions were
>>> wrapped with a new function, smack_initcall() that is registered with
>>> the LSM framework.
>>>
>>> Signed-off-by: Paul Moore <paul at paul-moore.com>
>>> ---
>>>  security/smack/smack.h           | 7 +++++++
>>>  security/smack/smack_lsm.c       | 9 +++++++++
>>>  security/smack/smack_netfilter.c | 4 +---
>>>  security/smack/smackfs.c         | 4 +---
>>>  4 files changed, 18 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/security/smack/smack.h b/security/smack/smack.h
>>> index bf6a6ed3946c..885a2f2929fd 100644
>>> --- a/security/smack/smack.h
>>> +++ b/security/smack/smack.h
>>> @@ -275,6 +275,13 @@ struct smk_audit_info {
>>>  #endif
>>>  };
>>>
>>> +/*
>>> + * Initialization
>>> + */
>>> +int init_smk_fs(void);
>>> +int smack_nf_ip_init(void);
>> I made the following changes (due to not having
>> CONFIG_SECURITY_SMACK_NETFILTER) ...
> Nice catch, thanks Roberto!
>
> I made a slight change to use the defined(SMACK_NETFILTER) macro as
> done elsewhere in the Smack code, but otherwise it looks good to me.
> Casey, are you okay with this?

Sure. 

>
> diff --git a/security/smack/smack.h b/security/smack/smack.h
> index 885a2f2929fd..3662d61bb32e 100644
> --- a/security/smack/smack.h
> +++ b/security/smack/smack.h
> @@ -278,8 +278,15 @@ struct smk_audit_info {
> /*
>  * Initialization
>  */
> -int init_smk_fs(void);
> +#if defined(CONFIG_SECURITY_SMACK_NETFILTER)
> int smack_nf_ip_init(void);
> +#else
> +static inline int smack_nf_ip_init(void);
> +{
> +       return 0;
> +}
> +#endif
> +int init_smk_fs(void);
> int smack_initcall(void);
>