Re: [PATCH] Early init for security modules

Chris Wright (chris@wirex.com)
Mon, 19 May 2003 17:57:44 -0700


* Christoph Hellwig (hch@infradead.org) wrote:
> On Mon, May 12, 2003 at 10:20:00PM -0700, Chris Wright wrote:
> > This is too late. Those are just for order in do_initcalls() which is
> > well after some kernel threads have been created and filesystems have been
> > mounted, etc. This patch allows statically linked modules to catch
> > the creation of such kernel objects and give them all consistent labels.
>
> Patch looks fine to me. Could you please make the initcalls mandatory
> for security modules and remove the module exports for the regioster
> functions so peop can't do the crappy check for each module whether it's
> already initialized stuff the early selinux for LSM versions did?

I absolutely agree the preconditions aren't nice, but not all security modules
need them. I don't think disabling dynamic loading needs to be a
requirement for the initcall.

thanks,
-chris

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/