Re: [PATCH v2] Moved module init-functions into the module.

[Kees Cook]

On Thu, Jun 22, 2017 at 9:54 AM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 6/22/2017 1:45 AM, Steve Kemp wrote:
>> This commit moves the call to initialize the LSM modules inline
>> into the LSM-files themselves.
>>
>> This removes the need to hunt around for the setup, which was
>> something that bit me when I wrote my own (unrelated) LSM.
>>
>> Keeping LSM code in one place, including the setup of the
>> hooks seems like a sane choice.
>
> The module initialization code belongs in the module.
> The LSM infrastructure should have an absolute minimum
> of module specific information. I would rather see the
> "minor" modules (yama, loadpin) changed to use the module
> registration scheme used by the "major" modules, but that
> will require a mechanism to ensure module ordering, and
> we don't have that yet. No, don't do this.

Yeah, I agree: initialization order is important here and I don't want
to depend on the Makefile for this.

-Kees

-- 
Kees Cook
Pixel Security