Re: [PATCH] kobject support for LSM core

[Greg KH <greg@kroah.com>]

On Mon, Mar 10, 2003 at 01:13:10AM +0100, Petr Baudis wrote:
> 
>   the following patch (against 2.5.64) introduces kobject infrastructure
> scaffolding to the LSM framework. It does nothing but allocating security root
> subsystem for the LSMs, so that they are tied to one specific point in the
> kobject hierarchy. They are suggested to create own subsystems under the
> security subsystem, however such things are completely up to the individual
> LSMs and not regulated by core in any way (it's not that I would so much like
> such an approach, but I was advised so by GregKH and it makes sense in its own
> way as well).

Hm, I thought I advised not doing this at all :)

Anyway, if we were to add this, you might want to:

> +
> +/* kobject stuff */
> +
> +/* We define only the base subsystem here and leave everything to a LSM. It is
> + * heavily recommended that the LSM should create own subsystem under this one,
> + * so that it can be easily made stackable and it doesn't confuse userland by
> + * exporting its stuff directly to /sys/security/. */
> +decl_subsys(security,NULL);

Add a prototype of this variable to security.h so that everyone can
actually see it who wants to use it.

> +/**
> + * security_kobj_init - initializes the security kobject subsystem
> + *
> + * This is called after security_scaffolding_startup as a regular initcall,
> + * since we need sysfs mounted already.
> + */
> +static int __init security_kobj_init (void)
> +{
> +	subsystem_register (&security_subsys);
> +	return 0;
> +}
> +
> +subsys_initcall(security_kobj_init);

Why not initialize this when the security core is initialized?  Why
have a new initcall?

And when do you unregister this subsystem?

> +EXPORT_SYMBOL(security_subsys);

No EXPORT_SYMBOL_GPL() for it?  :)

thanks,

greg k-h