[RFC PATCH 18/29] loadpin: move initcalls to the LSM framework
John Johansen
john.johansen at canonical.com
Wed May 14 11:57:36 UTC 2025
On 4/9/25 11:50, Paul Moore wrote:
> Signed-off-by: Paul Moore <paul at paul-moore.com>
Reviewed-by: John Johansen <john.johansen at canonical.com>
> ---
> security/loadpin/loadpin.c | 15 ++++++++-------
> 1 file changed, 8 insertions(+), 7 deletions(-)
>
> diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
> index b9ddf05c5c16..273ffbd6defe 100644
> --- a/security/loadpin/loadpin.c
> +++ b/security/loadpin/loadpin.c
> @@ -270,11 +270,6 @@ static int __init loadpin_init(void)
> return 0;
> }
>
> -DEFINE_LSM(loadpin) = {
> - .id = &loadpin_lsmid,
> - .init = loadpin_init,
> -};
> -
> #ifdef CONFIG_SECURITY_LOADPIN_VERITY
>
> enum loadpin_securityfs_interface_index {
> @@ -434,10 +429,16 @@ static int __init init_loadpin_securityfs(void)
> return 0;
> }
>
> -fs_initcall(init_loadpin_securityfs);
> -
> #endif /* CONFIG_SECURITY_LOADPIN_VERITY */
>
> +DEFINE_LSM(loadpin) = {
> + .id = &loadpin_lsmid,
> + .init = loadpin_init,
> +#ifdef CONFIG_SECURITY_LOADPIN_VERITY
> + .initcall_fs = init_loadpin_securityfs,
> +#endif /* CONFIG_SECURITY_LOADPIN_VERITY */
> +};
> +
> /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */
> module_param(enforce, int, 0);
> MODULE_PARM_DESC(enforce, "Enforce module/firmware pinning");
More information about the Linux-security-module-archive
mailing list