On Wed, 2015-12-09 at 17:37 -0500, Paul Gortmaker wrote: > The Kconfig currently controlling compilation of this code is: > > ima/Kconfig:config IMA_MOK_KEYRING > ima/Kconfig: bool "Create IMA machine owner keys (MOK) and blacklist keyrings" > > ...meaning that it currently is not being built as a module by anyone. > > Lets remove the couple of traces of modularity so that when reading the > driver there is no doubt it really is builtin-only. > > Since module_init translates to device_initcall in the non-modular > case, the init ordering remains unchanged with this commit. > > Cc: Mimi Zohar <zo...@linux.vnet.ibm.com> > Cc: Dmitry Kasatkin <dmitry.kasat...@gmail.com> > Cc: James Morris <james.l.mor...@oracle.com> > Cc: "Serge E. Hallyn" <se...@hallyn.com> > Cc: linux-ima-de...@lists.sourceforge.net > Cc: linux-ima-u...@lists.sourceforge.net > Cc: linux-security-module@vger.kernel.org > Signed-off-by: Paul Gortmaker <paul.gortma...@windriver.com>
Thanks, this patch is queued to be upstreamed with the original ima_mok keyring patch. Mimi > --- > security/integrity/ima/ima_mok.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/security/integrity/ima/ima_mok.c > b/security/integrity/ima/ima_mok.c > index 8dad9a2b8e47..676885e4320e 100644 > --- a/security/integrity/ima/ima_mok.c > +++ b/security/integrity/ima/ima_mok.c > @@ -16,7 +16,7 @@ > #include <linux/sched.h> > #include <linux/cred.h> > #include <linux/err.h> > -#include <linux/module.h> > +#include <linux/init.h> > #include <keys/asymmetric-type.h> > > > @@ -52,5 +52,4 @@ __init int ima_mok_init(void) > set_bit(KEY_FLAG_KEEP, &ima_blacklist_keyring->flags); > return 0; > } > - > -module_init(ima_mok_init); > +device_initcall(ima_mok_init); -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html