lsm: consolidate all of the LSM framework initcalls

author Paul Moore <paul@paul-moore.com>

Tue, 18 Feb 2025 22:25:20 +0000 (17:25 -0500)

committer Paul Moore <paul@paul-moore.com>

Wed, 22 Oct 2025 23:24:28 +0000 (19:24 -0400)
author Paul Moore <paul@paul-moore.com>
Tue, 18 Feb 2025 22:25:20 +0000 (17:25 -0500)
committer Paul Moore <paul@paul-moore.com>
Wed, 22 Oct 2025 23:24:28 +0000 (19:24 -0400)
diff --git a/security/inode.c b/security/inode.c

index 6620c3e42af263338c7068a496f5e705d414e3fb..ab8d6a2acadbf975e9ac4441c2f0f244d0f4efe5 100644 (file)
--- a/security/inode.c
+++ b/security/inode.c
@@ -368,7 +368,7 @@ static const struct file_operations lsm_ops = {
  };
  #endif
  
-static int __init securityfs_init(void)
+int __init securityfs_init(void)
  {
         int retval;
  
@@ -387,4 +387,3 @@ static int __init securityfs_init(void)
  #endif
         return 0;
  }
-core_initcall(securityfs_init);
diff --git a/security/lsm.h b/security/lsm.h

index 8dc267977ae01e1eea49d6a90917bcb4a6552137..81aadbc61685cd105ddd31813cc2effb7e502f15 100644 (file)
--- a/security/lsm.h
+++ b/security/lsm.h
@@ -35,4 +35,24 @@ extern struct kmem_cache *lsm_inode_cache;
  int lsm_cred_alloc(struct cred *cred, gfp_t gfp);
  int lsm_task_alloc(struct task_struct *task);
  
+/* LSM framework initializers */
+
+#ifdef CONFIG_MMU
+int min_addr_init(void);
+#else
+static inline int min_addr_init(void)
+{
+       return 0;
+}
+#endif /* CONFIG_MMU */
+
+#ifdef CONFIG_SECURITYFS
+int securityfs_init(void);
+#else
+static inline int securityfs_init(void)
+{
+       return 0;
+}
+#endif /* CONFIG_SECURITYFS */
+
  #endif /* _LSM_H_ */
diff --git a/security/lsm_init.c b/security/lsm_init.c

index aacdac406ba5c97a8df28e633e0b7c1caef79fe6..0f668bca98f915c356fdebc8ef2449b6e16fa5ea 100644 (file)
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -488,7 +488,12 @@ int __init security_init(void)
   */
  static int __init security_initcall_pure(void)
  {
-       return lsm_initcall(pure);
+       int rc_adr, rc_lsm;
+
+       rc_adr = min_addr_init();
+       rc_lsm = lsm_initcall(pure);
+
+       return (rc_adr ? rc_adr : rc_lsm);
  }
  pure_initcall(security_initcall_pure);
  
@@ -506,7 +511,12 @@ early_initcall(security_initcall_early);
   */
  static int __init security_initcall_core(void)
  {
-       return lsm_initcall(core);
+       int rc_sfs, rc_lsm;
+
+       rc_sfs = securityfs_init();
+       rc_lsm = lsm_initcall(core);
+
+       return (rc_sfs ? rc_sfs : rc_lsm);
  }
  core_initcall(security_initcall_core);
  
diff --git a/security/min_addr.c b/security/min_addr.c

index c55bb84b86320957c6471fc29c03d90b69fe4276..0fde5ec9abc8a0bd7b5c2f3862340a1c92729e45 100644 (file)
--- a/security/min_addr.c
+++ b/security/min_addr.c
@@ -5,6 +5,8 @@
  #include <linux/sysctl.h>
  #include <linux/minmax.h>
  
+#include "lsm.h"
+
  /* amount of vm to protect from userspace access by both DAC and the LSM*/
  unsigned long mmap_min_addr;
  /* amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC) */
@@ -52,11 +54,10 @@ static const struct ctl_table min_addr_sysctl_table[] = {
         },
  };
  
-static int __init init_mmap_min_addr(void)
+int __init min_addr_init(void)
  {
         register_sysctl_init("vm", min_addr_sysctl_table);
         update_mmap_min_addr();
  
         return 0;
  }
-pure_initcall(init_mmap_min_addr);
author	Paul Moore <paul@paul-moore.com>
	Tue, 18 Feb 2025 22:25:20 +0000 (17:25 -0500)
committer	Paul Moore <paul@paul-moore.com>
	Wed, 22 Oct 2025 23:24:28 +0000 (19:24 -0400)
security/inode.c		patch \| blob \| blame \| history
security/lsm.h		patch \| blob \| blame \| history
security/lsm_init.c		patch \| blob \| blame \| history
security/min_addr.c		patch \| blob \| blame \| history