From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754888AbbLJPnJ (ORCPT ); Thu, 10 Dec 2015 10:43:09 -0500 Received: from e23smtp07.au.ibm.com ([202.81.31.140]:56298 "EHLO e23smtp07.au.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754822AbbLJPnF (ORCPT ); Thu, 10 Dec 2015 10:43:05 -0500 X-IBM-Helo: d23dlp02.au.ibm.com X-IBM-MailFrom: zohar@linux.vnet.ibm.com X-IBM-RcptTo: linux-kernel@vger.kernel.org;linux-security-module@vger.kernel.org Message-ID: <1449762123.2690.6.camel@linux.vnet.ibm.com> Subject: Re: [PATCH 2/2] security/integrity: make ima/ima_mok.c explicitly non-modular From: Mimi Zohar To: Paul Gortmaker Cc: linux-kernel@vger.kernel.org, Dmitry Kasatkin , James Morris , "Serge E. Hallyn" , linux-ima-devel@lists.sourceforge.net, linux-ima-user@lists.sourceforge.net, linux-security-module@vger.kernel.org Date: Thu, 10 Dec 2015 10:42:03 -0500 In-Reply-To: <1449700636-17195-3-git-send-email-paul.gortmaker@windriver.com> References: <1449700636-17195-1-git-send-email-paul.gortmaker@windriver.com> <1449700636-17195-3-git-send-email-paul.gortmaker@windriver.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.12.11 (3.12.11-1.fc21) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-MML: disable X-Content-Scanned: Fidelis XPS MAILER x-cbid: 15121015-0025-0000-0000-000002904B30 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2015-12-09 at 17:37 -0500, Paul Gortmaker wrote: > The Kconfig currently controlling compilation of this code is: > > ima/Kconfig:config IMA_MOK_KEYRING > ima/Kconfig: bool "Create IMA machine owner keys (MOK) and blacklist keyrings" > > ...meaning that it currently is not being built as a module by anyone. > > Lets remove the couple of traces of modularity so that when reading the > driver there is no doubt it really is builtin-only. > > Since module_init translates to device_initcall in the non-modular > case, the init ordering remains unchanged with this commit. > > Cc: Mimi Zohar > Cc: Dmitry Kasatkin > Cc: James Morris > Cc: "Serge E. Hallyn" > Cc: linux-ima-devel@lists.sourceforge.net > Cc: linux-ima-user@lists.sourceforge.net > Cc: linux-security-module@vger.kernel.org > Signed-off-by: Paul Gortmaker Thanks, this patch is queued to be upstreamed with the original ima_mok keyring patch. Mimi > --- > security/integrity/ima/ima_mok.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/security/integrity/ima/ima_mok.c b/security/integrity/ima/ima_mok.c > index 8dad9a2b8e47..676885e4320e 100644 > --- a/security/integrity/ima/ima_mok.c > +++ b/security/integrity/ima/ima_mok.c > @@ -16,7 +16,7 @@ > #include > #include > #include > -#include > +#include > #include > > > @@ -52,5 +52,4 @@ __init int ima_mok_init(void) > set_bit(KEY_FLAG_KEEP, &ima_blacklist_keyring->flags); > return 0; > } > - > -module_init(ima_mok_init); > +device_initcall(ima_mok_init);