It's taken a few months to prepare the second RFC for posting, mostly because of the sorry state of the first RFC, although as discussed earlier, there was a reason for that. There is a CHANGELOG below with an itemized list of the changes between RFC/v1 and this posting, but you can summarize it into three basic things: adding proper commit descriptions, decomposing some of the uglier patches into smaller coherent patches that make more sense, and dropping the subject/object counting code as Casey found a different approach that fits his needs. I've added the ACKs/Reviewed-by/etc. tags from the first posting, but left some off as the associated patches changed enough that I felt it was no longer responsible to include them. Additional review is always welcome and encouraged.
The RFC/v1 patchset is linked below, the cover letter provides some background and motivation for this series which still applies.

https://lore.kernel.org/linux-security-module/20250409185019.238841-31-p...@paul-moore.com/

CHANGELOG
RFC/v2:
- rename lsm_prep_single() to lsm_prepare()
- drop the lsm_prop counting patch
- drop the platform_certs changes from the IMA/EVM patch (Mimi)
- split/reorder enough patches in the patchset that I lost track
- added missing function comment blocks in the SELinux patches
- split patch 04/29 into smaller patches (Kees)
- fix an LSM list output problem in an intermediate patch (Kees)
- preserve the "lsm_active_cnt" variable name (Casey)
- cache the lsm_read() string (Kees)
- squashed, split, and reordered the enabled/ordering patches
- reworked the Smack patch (Casey)
- conditionalized the SELinux IB init code (Stephen)
- fixed missing Smack "__init" annotation (Fan)
- fixed a potential unused variable warning in IMA/EVM (John)
- fixed the placeholder commit descriptions (various)
RFC/v1:
- initial version

--

Paul Moore (34):
  lsm: split the notifier code out into lsm_notifier.c
  lsm: split the init code out into lsm_init.c
  lsm: consolidate lsm_allowed() and prepare_lsm() into lsm_prepare()
  lsm: introduce looping macros for the initialization code
  lsm: integrate report_lsm_order() code into caller
  lsm: integrate lsm_early_cred() and lsm_early_task() into caller
  lsm: rename ordered_lsm_init() to lsm_init_ordered()
  lsm: replace the name field with a pointer to the lsm_id struct
  lsm: rename the lsm order variables for consistency
  lsm: rework lsm_active_cnt and lsm_idlist[]
  lsm: get rid of the lsm_names list and do some cleanup
  lsm: rework the LSM enable/disable setter/getter functions
  lsm: rename exists_ordered_lsm() to lsm_order_exists()
  lsm: rename/rework append_ordered_lsm() into lsm_order_append()
  lsm: rename/rework ordered_lsm_parse() to lsm_order_parse()
  lsm: cleanup the LSM blob size code
  lsm: cleanup initialize_lsm() and rename to lsm_init_single()
  lsm: fold lsm_init_ordered() into security_init()
  lsm: add/tweak function header comment blocks in lsm_init.c
  lsm: cleanup the debug and console output in lsm_init.c
  lsm: output available LSMs when debugging
  lsm: group lsm_order_parse() with the other lsm_order_*() functions
  lsm: introduce an initcall mechanism into the LSM framework
  loadpin: move initcalls to the LSM framework
  ipe: move initcalls to the LSM framework
  smack: move initcalls to the LSM framework
  tomoyo: move initcalls to the LSM framework
  safesetid: move initcalls to the LSM framework
  apparmor: move initcalls to the LSM framework
  lockdown: move initcalls to the LSM framework
  ima,evm: move initcalls to the LSM framework
  selinux: move initcalls to the LSM framework
  lsm: consolidate all of the LSM framework initcalls
  lsm: add a LSM_STARTED_ALL notification event

 include/linux/lsm_hooks.h              |  67 +-
 include/linux/security.h               |   3
 security/Makefile                      |   2
 security/apparmor/apparmorfs.c         |   4
 security/apparmor/crypto.c             |   4
 security/apparmor/include/apparmorfs.h |   2
 security/apparmor/include/crypto.h     |   1
 security/apparmor/lsm.c                |  11
 security/bpf/hooks.c                   |   2
 security/commoncap.c                   |   2
 security/inode.c                       |  62 ++
 security/integrity/Makefile            |   2
 security/integrity/evm/evm_main.c      |   8
 security/integrity/iint.c              |   4
 security/integrity/ima/ima_main.c      |   8
 security/integrity/initcalls.c         |  41 +
 security/integrity/initcalls.h         |  13
 security/ipe/fs.c                      |   4
 security/ipe/ipe.c                     |   3
 security/ipe/ipe.h                     |   2
 security/landlock/setup.c              |   2
 security/loadpin/loadpin.c             |  15
 security/lockdown/lockdown.c           |   5
 security/lsm.h                         |  42 +
 security/lsm_init.c                    | 557 ++++++++++++++++++++++
 security/lsm_notifier.c                |  31 +
 security/lsm_syscalls.c                |   2
 security/min_addr.c                    |   5
 security/safesetid/lsm.c               |   3
 security/safesetid/lsm.h               |   2
 security/safesetid/securityfs.c        |   3
 security/security.c                    | 617 +------------------------
 security/selinux/Makefile              |   2
 security/selinux/hooks.c               |  11
 security/selinux/ibpkey.c              |   5
 security/selinux/include/audit.h       |   9
 security/selinux/include/initcalls.h   |  19
 security/selinux/initcalls.c           |  52 ++
 security/selinux/netif.c               |   5
 security/selinux/netlink.c             |   5
 security/selinux/netnode.c             |   5
 security/selinux/netport.c             |   5
 security/selinux/selinuxfs.c           |   5
 security/selinux/ss/services.c         |  26 -
 security/smack/smack.h                 |   7
 security/smack/smack_lsm.c             |  11
 security/smack/smack_netfilter.c       |   4
 security/smack/smackfs.c               |   4
 security/tomoyo/common.h               |   2
 security/tomoyo/securityfs_if.c        |   4
 security/tomoyo/tomoyo.c               |   3
 security/yama/yama_lsm.c               |   2
 52 files changed, 1012 insertions(+), 703 deletions(-)