diff options
| author | Paul Moore <paul@paul-moore.com> | 2025-02-18 17:22:31 -0500 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2025-10-22 19:24:25 -0400 |
| commit | 06643d5584f9efa19804d17435169a63412b4eae (patch) | |
| tree | 059da8a3464df8f6a05a43825201f343ac0d66b3 | |
| parent | d934f97db827ac44a84edf399d6b7a3946fe1cf1 (diff) | |
smack: move initcalls to the LSM framework
As the LSM framework only supports one LSM initcall callback for each
initcall type, the init_smk_fs() and smack_nf_ip_init() functions were
wrapped with a new function, smack_initcall() that is registered with
the LSM framework.
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
| -rw-r--r-- | security/smack/smack.h | 14 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 9 | ||||
| -rw-r--r-- | security/smack/smack_netfilter.c | 4 | ||||
| -rw-r--r-- | security/smack/smackfs.c | 4 |
4 files changed, 25 insertions, 6 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index bf6a6ed3946c..c56e1e876f7c 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -276,6 +276,20 @@ struct smk_audit_info { }; /* + * Initialization + */ +#if defined(CONFIG_SECURITY_SMACK_NETFILTER) +int smack_nf_ip_init(void); +#else +static inline int smack_nf_ip_init(void) +{ + return 0; +} +#endif +int init_smk_fs(void); +int smack_initcall(void); + +/* * These functions are in smack_access.c */ int smk_access_entry(char *, char *, struct list_head *); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 392698e41120..23ee1c0c07b7 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -5275,6 +5275,14 @@ static __init int smack_init(void) return 0; } +int __init smack_initcall(void) +{ + int rc_fs = init_smk_fs(); + int rc_nf = smack_nf_ip_init(); + + return rc_fs ? rc_fs : rc_nf; +} + /* * Smack requires early initialization in order to label * all processes and objects when they are created. @@ -5284,4 +5292,5 @@ DEFINE_LSM(smack) = { .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE, .blobs = &smack_blob_sizes, .init = smack_init, + .initcall_device = smack_initcall, }; diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index 8fd747b3653a..17ba578b1308 100644 --- a/security/smack/smack_netfilter.c +++ b/security/smack/smack_netfilter.c @@ -68,7 +68,7 @@ static struct pernet_operations smack_net_ops = { .exit = smack_nf_unregister, }; -static int __init smack_nf_ip_init(void) +int __init smack_nf_ip_init(void) { if (smack_enabled == 0) return 0; @@ -76,5 +76,3 @@ static int __init smack_nf_ip_init(void) printk(KERN_DEBUG "Smack: Registering netfilter hooks\n"); return register_pernet_subsys(&smack_net_ops); } - -__initcall(smack_nf_ip_init); diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index b1e5e62f5cbd..405ace6db109 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -2978,7 +2978,7 @@ static struct vfsmount *smackfs_mount; * Returns true if we were not chosen on boot or if * we were chosen and filesystem registration succeeded. */ -static int __init init_smk_fs(void) +int __init init_smk_fs(void) { int err; int rc; @@ -3021,5 +3021,3 @@ static int __init init_smk_fs(void) return err; } - -__initcall(init_smk_fs); |