On Tue, 2025-09-16 at 18:03 -0400, Paul Moore wrote:
> Move away from an init specific init_debug() macro to a more general
> lsm_pr()/lsm_pr_cont()/lsm_pr_dbg() set of macros that are available
> both before and after init. In the process we do a number of minor
> changes to improve the LSM initialization output and cleanup the code
> somewhat.
>
> Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com>
> Reviewed-by: John Johansen <john.johhan...@canonical.com>
> Signed-off-by: Paul Moore <p...@paul-moore.com>
> ---
> security/lsm.h | 11 ++++
> security/lsm_init.c | 123 +++++++++++++++++++-------------------------
> security/security.c | 2 +
> 3 files changed, 66 insertions(+), 70 deletions(-)
>
> diff --git a/security/lsm.h b/security/lsm.h
> index dbe755c45e57..8dc267977ae0 100644
> --- a/security/lsm.h
> +++ b/security/lsm.h
> @@ -6,9 +6,20 @@
> #ifndef _LSM_H_
> #define _LSM_H_
>
> +#include <linux/printk.h>
> #include <linux/lsm_hooks.h>
> #include <linux/lsm_count.h>
>
> +/* LSM debugging */
> +extern bool lsm_debug;
> +#define lsm_pr(...) pr_info(__VA_ARGS__)
> +#define lsm_pr_cont(...) pr_cont(__VA_ARGS__)
> +#define lsm_pr_dbg(...)
>
> \
> + do { \
> + if (lsm_debug) \
> + pr_info(__VA_ARGS__); \
> + } while (0)
The existing pr_info and pr_cont themselves are #defines. Is there a reason for
these new "#define"? If there is a valid reason for having these new defines,
why aren't they simply prefixed with "lsm"?
Mimi
