Re: [PATCH security-next v5 12/30] LSM: Provide separate ordered initialization

From: Kees Cook
Date: Fri Nov 02 2018 - 16:49:15 EST

Next message: Pavel Machek: "Re: [PATCH] dt-bindings: mrvl,intc: fix a trivial typo"
Previous message: Pavel Machek: "Re: [PATCH 12/14] dt-bindings: ehci-mv: add bindings"
In reply to: Mimi Zohar: "Re: [PATCH security-next v5 12/30] LSM: Provide separate ordered initialization"
Next in thread: Mimi Zohar: "Re: [PATCH security-next v5 12/30] LSM: Provide separate ordered initialization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 2, 2018 at 11:13 AM, Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> I don't recall why "integrity" is on the security_initcall, while both
> IMA and EVM are on the late_initcall().

It's because integrity needs to have a VFS buffer allocated extremely
early, so it used the security init to do it. While it's not an LSM,
it does use this part of LSM infrastructure. I didn't see an obvious
alternative at the time, but now that I think about it, maybe just a
simple postcore_initcall() would work?

-Kees

--
Kees Cook

Next message: Pavel Machek: "Re: [PATCH] dt-bindings: mrvl,intc: fix a trivial typo"
Previous message: Pavel Machek: "Re: [PATCH 12/14] dt-bindings: ehci-mv: add bindings"
In reply to: Mimi Zohar: "Re: [PATCH security-next v5 12/30] LSM: Provide separate ordered initialization"
Next in thread: Mimi Zohar: "Re: [PATCH security-next v5 12/30] LSM: Provide separate ordered initialization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]