[RFC PATCH 22/29] safesetid: move initcalls to the LSM framework

Wed May 14 12:18:09 UTC 2025

On 4/9/25 11:50, Paul Moore wrote:
> Signed-off-by: Paul Moore <paul at paul-moore.com>

Reviewed-by: John Johansen <john.johansen at canonical.com>

> ---
>   security/safesetid/lsm.c        | 1 +
>   security/safesetid/lsm.h        | 2 ++
>   security/safesetid/securityfs.c | 3 +--
>   3 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c
> index 9a7c68d4e642..d5fb949050dd 100644
> --- a/security/safesetid/lsm.c
> +++ b/security/safesetid/lsm.c
> @@ -289,4 +289,5 @@ static int __init safesetid_security_init(void)
>   DEFINE_LSM(safesetid_security_init) = {
>   	.id = &safesetid_lsmid,
>   	.init = safesetid_security_init,
> +	.initcall_fs = safesetid_init_securityfs,
>   };
> diff --git a/security/safesetid/lsm.h b/security/safesetid/lsm.h
> index d346f4849cea..bf5172e2c3f7 100644
> --- a/security/safesetid/lsm.h
> +++ b/security/safesetid/lsm.h
> @@ -70,4 +70,6 @@ enum sid_policy_type _setid_policy_lookup(struct setid_ruleset *policy,
>   extern struct setid_ruleset __rcu *safesetid_setuid_rules;
>   extern struct setid_ruleset __rcu *safesetid_setgid_rules;
>   
> +int safesetid_init_securityfs(void);
> +
>   #endif /* _SAFESETID_H */
> diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c
> index 8e1ffd70b18a..ece259f75b0d 100644
> --- a/security/safesetid/securityfs.c
> +++ b/security/safesetid/securityfs.c
> @@ -308,7 +308,7 @@ static const struct file_operations safesetid_gid_file_fops = {
>   	.write = safesetid_gid_file_write,
>   };
>   
> -static int __init safesetid_init_securityfs(void)
> +int __init safesetid_init_securityfs(void)
>   {
>   	int ret;
>   	struct dentry *policy_dir;
> @@ -345,4 +345,3 @@ static int __init safesetid_init_securityfs(void)
>   	securityfs_remove(policy_dir);
>   	return ret;
>   }
> -fs_initcall(safesetid_init_securityfs);