From: Kees Cook <kees@kernel.org>
To: Paul Moore <paul@paul-moore.com>
Cc: linux-security-module@vger.kernel.org,
	linux-integrity@vger.kernel.org, selinux@vger.kernel.org,
	"John Johansen" <john.johansen@canonical.com>,
	"Mimi Zohar" <zohar@linux.ibm.com>,
	"Roberto Sassu" <roberto.sassu@huawei.com>,
	"Fan Wu" <wufan@kernel.org>, "Mickaël Salaün" <mic@digikod.net>,
	"Günther Noack" <gnoack@google.com>,
	"Micah Morton" <mortonm@chromium.org>,
	"Casey Schaufler" <casey@schaufler-ca.com>,
	"Tetsuo Handa" <penguin-kernel@i-love.sakura.ne.jp>
Subject: Re: [RFC PATCH 27/29] lsm: consolidate all of the LSM framework initcalls
Date: Wed, 9 Apr 2025 16:52:30 -0700
Message-ID: <202504091649.E30A1670@keescook>
In-Reply-To: <20250409185019.238841-58-paul@paul-moore.com>

On Wed, Apr 09, 2025 at 02:50:12PM -0400, Paul Moore wrote:
> The LSM framework itself registers a small number of initcalls, this
> patch converts these initcalls into the new initcall mechanism.
> 
> Signed-off-by: Paul Moore <paul@paul-moore.com>
> ---
>  security/inode.c    |  3 +--
>  security/lsm.h      |  4 ++++
>  security/lsm_init.c | 14 ++++++++++++--
>  security/min_addr.c |  5 +++--
>  4 files changed, 20 insertions(+), 6 deletions(-)
> 
> diff --git a/security/inode.c b/security/inode.c
> index f687e22e6809..671c66c147bc 100644
> --- a/security/inode.c
> +++ b/security/inode.c
> @@ -375,7 +375,7 @@ static const struct file_operations lsm_ops = {
>  };
>  #endif
>  
> -static int __init securityfs_init(void)
> +int __init securityfs_init(void)
>  {
>  	int retval;
>  
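
Review bot: dropping `static` from securityfs_init() makes it a global symbol while it keeps `__init`, so every caller must itself be `__init` code (security_initcall_core() is, so this is fine today). A one-line comment above the definition saying it is only meant to be called from security/lsm_init.c during core_initcall would stop someone later calling it from a non-__init path, where the section mismatch would only show up as a modpost warning.
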
> @@ -394,4 +394,3 @@ static int __init securityfs_init(void)
>  #endif
>  	return 0;
>  }
> -core_initcall(securityfs_init);
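
Review bot: with `core_initcall(securityfs_init);` removed, any initcall_debug reporting of a non-zero return now names security_initcall_core() rather than securityfs_init(), so the `retval` error path that is not shown in this hunk is the only place that can identify which step failed. Make sure it prints something naming securityfs before returning; otherwise the consolidated wrapper hides which of its two steps went wrong.
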
> diff --git a/security/lsm.h b/security/lsm.h
> index 8ecb66896646..c432dc0c5e30 100644
> --- a/security/lsm.h
> +++ b/security/lsm.h
> @@ -35,4 +35,8 @@ extern struct kmem_cache *lsm_inode_cache;
>  int lsm_cred_alloc(struct cred *cred, gfp_t gfp);
>  int lsm_task_alloc(struct task_struct *task);
>  
> +/* LSM framework initializers */
> +int securityfs_init(void);
> +int min_addr_init(void);
> +
>  #endif /* _LSM_H_ */
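
Review bot: both new prototypes are unconditional, but security/inode.c is normally only built when CONFIG_SECURITYFS is set (check security/Makefile); if that is the case here, a CONFIG_SECURITYFS=n build will fail to link security_initcall_core() against securityfs_init(). Either wrap the declaration as `#ifdef CONFIG_SECURITYFS int securityfs_init(void); #else static inline int securityfs_init(void) { return 0; } #endif`, or guard the call in lsm_init.c. Minor: the definitions carry `__init`, so consider `int __init securityfs_init(void);` and `int __init min_addr_init(void);` to match.
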
> diff --git a/security/lsm_init.c b/security/lsm_init.c
> index 75eb0cc82869..c0881407ca3f 100644
> --- a/security/lsm_init.c
> +++ b/security/lsm_init.c
> @@ -485,7 +485,12 @@ int __init security_init(void)
>   */
>  static int __init security_initcall_pure(void)
>  {
> -	return lsm_initcall(pure);
> +	int rc_adr, rc_lsm;
> +
> +	rc_adr = min_addr_init();
> +	rc_lsm = lsm_initcall(pure);
> +
> +	return (rc_adr ? rc_adr : rc_lsm);
>  }
>  pure_initcall(security_initcall_pure);
>  
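
Review bot: the rc_adr/rc_lsm merge is dead code as written: min_addr_init() (see the security/min_addr.c hunk below) returns a constant 0, so rc_adr is always 0 and the function reduces to `return lsm_initcall(pure);`. If the int return is kept for uniformity with the other framework initializers, say so in the function header comment above. That comment should also state that calling min_addr_init() before lsm_initcall(pure) is deliberate: previously init_mmap_min_addr() and the LSMs' pure initcalls were ordered only by link order, whereas now update_mmap_min_addr() provably runs before any LSM's pure initcall, which is the behaviour a reviewer would want recorded.
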
> @@ -503,7 +508,12 @@ early_initcall(security_initcall_early);
>   */
>  static int __init security_initcall_core(void)
>  {
> -	return lsm_initcall(core);
> +	int rc_sfs, rc_lsm;
> +
> +	rc_sfs = securityfs_init();
> +	rc_lsm = lsm_initcall(core);
> +
> +	return (rc_sfs ? rc_sfs : rc_lsm);
>  }
>  core_initcall(security_initcall_core);
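
Review bot: if securityfs_init() fails, lsm_initcall(core) still runs and its result is discarded by `return (rc_sfs ? rc_sfs : rc_lsm);`, so any LSM core initcall that fails precisely because securityfs is missing is silently masked behind the securityfs error. Prefer to stop at the first failure, e.g. `rc = securityfs_init(); if (rc) return rc; return lsm_initcall(core);`, or at minimum pr_err() rc_lsm when both are non-zero. The same pattern in security_initcall_pure() above would benefit from the same treatment.
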

Hrm. Given these aren't really _lsm_ hooks, maybe just leave this out. I
worry about confusing the lsm inits with the lsm subsystem's core inits.
Or we need a new stacking type for "required"? But that seems ... heavy.

-Kees

>  
> diff --git a/security/min_addr.c b/security/min_addr.c
> index df1bc643d886..40714bdeefbe 100644
> --- a/security/min_addr.c
> +++ b/security/min_addr.c
> @@ -4,6 +4,8 @@
>  #include <linux/security.h>
>  #include <linux/sysctl.h>
>  
> +#include "lsm.h"
> +
>  /* amount of vm to protect from userspace access by both DAC and the LSM*/
>  unsigned long mmap_min_addr;
>  /* amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC) */
> @@ -54,11 +56,10 @@ static const struct ctl_table min_addr_sysctl_table[] = {
>  	},
>  };
>  
> -static int __init init_mmap_min_addr(void)
> +int __init min_addr_init(void)
>  {
>  	register_sysctl_init("vm", min_addr_sysctl_table);
>  	update_mmap_min_addr();
>  
>  	return 0;
>  }
> -pure_initcall(init_mmap_min_addr);
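
Review bot: min_addr_init() calls register_sysctl_init() and update_mmap_min_addr() without checking any result and then returns a constant 0, so the int return type exists only to fit the initcall pattern; either make it `void` and drop the rc_adr plumbing in security_initcall_pure(), or add a one-line comment explaining why it returns int. The rename from init_mmap_min_addr() to min_addr_init() also drops `mmap` from the name; mmap_min_addr_init() would match the variable it initializes.
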
> -- 
> 2.49.0
> 

-- 
Kees Cook
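
The return-code merge in security_initcall_core() is easiest to reason about with a runnable model. The following C is an added example, not kernel code and not part of this patch: securityfs_init(), the per-LSM core initcalls and the loop behind lsm_initcall() are hypothetical user-space stand-ins, and only the `rc_sfs ? rc_sfs : rc_lsm` merge is taken from the hunk. It contrasts that merge with a short-circuit variant so that the masked LSM error, and the LSM initcalls that still run after a framework failure, are visible.

```c
/*
 * Added example (not kernel code): a user-space model of the consolidated
 * security_initcall_core() from the patch above.  Everything except the
 * (rc_sfs ? rc_sfs : rc_lsm) merge is a hypothetical stand-in.
 */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

typedef int (*initcall_t)(void);

static int calls_run;	/* how many LSM initcalls actually executed */

/* Hypothetical per-LSM core initcalls: one succeeds, one fails. */
static int lsm_a_core(void) { calls_run++; return 0; }
static int lsm_b_core(void) { calls_run++; return -EINVAL; }

static const initcall_t core_calls_ok[]  = { lsm_a_core };
static const initcall_t core_calls_bad[] = { lsm_a_core, lsm_b_core };

/*
 * Stand-in for lsm_initcall(level): run every registered call, remember
 * the first error, never stop early.  Assumed behaviour; the real loop is
 * not visible in the hunk.
 */
static int run_lsm_initcalls(const initcall_t *calls, size_t n)
{
	int rc = 0;

	for (size_t i = 0; i < n; i++) {
		int r = calls[i]();

		if (r && !rc)
			rc = r;
	}
	return rc;
}

/* Stand-in for securityfs_init(); 'fail' simulates a registration failure. */
static int securityfs_init_stub(int fail)
{
	return fail ? -ENOMEM : 0;
}

/*
 * The patch's merge: the framework error wins, the LSM error is dropped.
 * *lsm_rc_out exposes the discarded value so the masking can be observed.
 */
int core_init_as_patched(int sfs_fail, const initcall_t *calls, size_t n,
			 int *lsm_rc_out)
{
	int rc_sfs, rc_lsm;

	calls_run = 0;
	rc_sfs = securityfs_init_stub(sfs_fail);
	rc_lsm = run_lsm_initcalls(calls, n);
	*lsm_rc_out = rc_lsm;
	return (rc_sfs ? rc_sfs : rc_lsm);
}

/*
 * Alternative: treat a framework init failure as fatal for the level and
 * do not run the LSM initcalls that depend on it.
 */
int core_init_short_circuit(int sfs_fail, const initcall_t *calls, size_t n)
{
	int rc;

	calls_run = 0;
	rc = securityfs_init_stub(sfs_fail);
	if (rc)
		return rc;
	return run_lsm_initcalls(calls, n);
}

int initcalls_run(void)
{
	return calls_run;
}

int main(void)
{
	int lsm_rc;
	int rc = core_init_as_patched(1, core_calls_bad, 2, &lsm_rc);

	printf("patched merge: returned %d, LSM error %d hidden, %d LSM calls ran\n",
	       rc, lsm_rc, initcalls_run());
	rc = core_init_short_circuit(1, core_calls_bad, 2);
	printf("short-circuit: returned %d, %d LSM calls ran\n", rc, initcalls_run());
	return 0;
}
```

The point of the model is the third scenario in the test below: with the patched merge, a securityfs failure returns -ENOMEM while lsm_b_core()'s -EINVAL is thrown away and both LSM initcalls have already run; the short-circuit variant returns the same -ENOMEM but runs nothing that depends on securityfs.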
