| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Jun 2017 09:56:10 -0700
From: Kees Cook <keescook@...omium.org>
To: Casey Schaufler <casey@...aufler-ca.com>
Cc: Steve Kemp <steve@...ve.fi>,
linux-security-module <linux-security-module@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
James Morris <james.l.morris@...cle.com>,
"Serge E. Hallyn" <serge@...lyn.com>
Subject: Re: [PATCH v2] Moved module init-functions into the module.
On Thu, Jun 22, 2017 at 9:54 AM, Casey Schaufler <casey@...aufler-ca.com> wrote:
> On 6/22/2017 1:45 AM, Steve Kemp wrote:
>> This commit moves the call to initialize the LSM modules inline
>> into the LSM-files themselves.
>>
>> This removes the need to hunt around for the setup, which was
>> something that bit me when I wrote my own (unrelated) LSM.
>>
>> Keeping LSM code in one place, including the setup of the
>> hooks seems like a sane choice.
>
> The module initialization code belongs in the module.
> The LSM infrastructure should have an absolute minimum
> of module specific information. I would rather see the
> "minor" modules (yama, loadpin) changed to use the module
> registration scheme used by the "major" modules, but that
> will require a mechanism to ensure module ordering, and
> we don't have that yet. No, don't do this.
Yeah, I agree: initialization order is important here and I don't want
to depend on the Makefile for this.
-Kees
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists