On Mon, Jul 21, 2025 at 7:30 PM Paul Moore <p...@paul-moore.com> wrote: > On Mon, Jul 21, 2025 at 7:24 PM Paul Moore <p...@paul-moore.com> wrote: > > > > This patch converts IMA and EVM to use the LSM framework's initcall > > mechanism. There was a minor challenge in this conversion that wasn't > > seen when converting the other LSMs brought about by the resource > > sharing between the two related, yet independent IMA and EVM LSMs. > > This was resolved by registering the same initcalls for each LSM and > > including code in each registered initcall to ensure it only executes > > once during each boot. > > > > It is worth mentioning that this patch does not touch any of the > > "platform certs" code that lives in the security/integrity/platform_certs > > directory as the IMA/EVM maintainers have assured me that this code is > > unrelated to IMA/EVM, despite the location, and will be moved to a more > > relevant subsystem in the future. > > > > Signed-off-by: Paul Moore <p...@paul-moore.com> > > --- > > security/integrity/Makefile | 2 +- > > security/integrity/evm/evm_main.c | 6 ++--- > > security/integrity/iint.c | 4 +-- > > security/integrity/ima/ima_main.c | 6 ++--- > > security/integrity/initcalls.c | 41 +++++++++++++++++++++++++++++++ > > security/integrity/initcalls.h | 13 ++++++++++ > > 6 files changed, 63 insertions(+), 9 deletions(-) > > create mode 100644 security/integrity/initcalls.c > > create mode 100644 security/integrity/initcalls.h > > ... > > > diff --git a/security/integrity/initcalls.h b/security/integrity/initcalls.h > > new file mode 100644 > > index 000000000000..5511c62f8166 > > --- /dev/null > > +++ b/security/integrity/initcalls.h > > @@ -0,0 +1,13 @@ > > +/* SPDX-License-Identifier: GPL-2.0 */ > > + > > +#ifndef PLATFORM_CERTS_INITCALLS_H > > +#define PLATFORM_CERTS_INITCALLS_H > > Ooops, the above two lines can obviously be removed, vestiges of the > previous revision.
... and replaced with a more appropriate macro guard against multiple includes. > > +int integrity_fs_init(void); > > + > > +int init_ima(void); > > +int init_evm(void); > > + > > +int integrity_late_init(void); > > + > > +#endif > > -- > > 2.50.1 -- paul-moore.com
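Review bot: In the new security/integrity/initcalls.h, the include guard `PLATFORM_CERTS_INITCALLS_H` is named after the platform_certs code that the commit message says this patch does not touch. A guard derived from the file's own path (for example `_INTEGRITY_INITCALLS_H`, a suggested name) would match the header and avoid a clash with any header that later uses the platform_certs name. The four prototypes (`integrity_fs_init`, `init_ima`, `init_evm`, `integrity_late_init`) also carry no comment. Since the commit message says the same initcalls are registered for both IMA and EVM and each must execute only once per boot, a short comment above the declarations stating that run-once expectation would document the contract where other code will look for it.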