tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

smack: move initcalls to the LSM framework

As the LSM framework only supports one LSM initcall callback for each
initcall type, the init_smk_fs() and smack_nf_ip_init() functions were
wrapped with a new function, smack_initcall() that is registered with
the LSM framework.

Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

Paul Moore 06643d55 d934f97d

+25 -6
+14
security/smack/smack.h
··· 276 276 }; 277 277 278 278 /* 279 + * Initialization 280 + */ 281 + #if defined(CONFIG_SECURITY_SMACK_NETFILTER) 282 + int smack_nf_ip_init(void); 283 + #else 284 + static inline int smack_nf_ip_init(void) 285 + { 286 + return 0; 287 + } 288 + #endif 289 + int init_smk_fs(void); 290 + int smack_initcall(void); 291 + 292 + /* 279 293 * These functions are in smack_access.c 280 294 */ 281 295 int smk_access_entry(char *, char *, struct list_head *);
+9
security/smack/smack_lsm.c
··· 5275 5275 return 0; 5276 5276 } 5277 5277 5278 + int __init smack_initcall(void) 5279 + { 5280 + int rc_fs = init_smk_fs(); 5281 + int rc_nf = smack_nf_ip_init(); 5282 + 5283 + return rc_fs ? rc_fs : rc_nf; 5284 + } 5285 + 5278 5286 /* 5279 5287 * Smack requires early initialization in order to label 5280 5288 * all processes and objects when they are created. ··· 5292 5284 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, 5293 5285 .blobs = &smack_blob_sizes, 5294 5286 .init = smack_init, 5287 + .initcall_device = smack_initcall, 5295 5288 };
+1 -3
security/smack/smack_netfilter.c
··· 68 68 .exit = smack_nf_unregister, 69 69 }; 70 70 71 - static int __init smack_nf_ip_init(void) 71 + int __init smack_nf_ip_init(void) 72 72 { 73 73 if (smack_enabled == 0) 74 74 return 0; ··· 76 76 printk(KERN_DEBUG "Smack: Registering netfilter hooks\n"); 77 77 return register_pernet_subsys(&smack_net_ops); 78 78 } 79 - 80 - __initcall(smack_nf_ip_init);
+1 -3
security/smack/smackfs.c
··· 2978 2978 * Returns true if we were not chosen on boot or if 2979 2979 * we were chosen and filesystem registration succeeded. 2980 2980 */ 2981 - static int __init init_smk_fs(void) 2981 + int __init init_smk_fs(void) 2982 2982 { 2983 2983 int err; 2984 2984 int rc; ··· 3021 3021 3022 3022 return err; 3023 3023 } 3024 - 3025 - __initcall(init_smk_fs);