On Thu, Jun 22, 2017 at 9:54 AM, Casey Schaufler [off-list ref] wrote:

On 6/22/2017 1:45 AM, Steve Kemp wrote:

quoted

This commit moves the call to initialize the LSM modules inline
into the LSM-files themselves.

This removes the need to hunt around for the setup, which was
something that bit me when I wrote my own (unrelated) LSM.

Keeping LSM code in one place, including the setup of the
hooks seems like a sane choice.

The module initialization code belongs in the module.
The LSM infrastructure should have an absolute minimum
of module specific information. I would rather see the
"minor" modules (yama, loadpin) changed to use the module
registration scheme used by the "major" modules, but that
will require a mechanism to ensure module ordering, and
we don't have that yet. No, don't do this.

Yeah, I agree: initialization order is important here and I don't want
to depend on the Makefile for this.

-Kees

-- 
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html