safesetid: move initcalls to the LSM framework

Reviewed-by: Kees Cook <kees@kernel.org>
Acked-by: Micah Morton <mortonm@chromium.org>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c
index 9a7c68d4e64297f600972a41b9ff00b47c0da88c..d5fb949050dd813bebd3db15798cd6a97e113262 100644 (file)
--- a/security/safesetid/lsm.c
+++ b/security/safesetid/lsm.c
@@ -289,4 +289,5 @@ static int __init safesetid_security_init(void)
 DEFINE_LSM(safesetid_security_init) = {
        .id = &safesetid_lsmid,
        .init = safesetid_security_init,
+       .initcall_fs = safesetid_init_securityfs,
 };

diff --git a/security/safesetid/lsm.h b/security/safesetid/lsm.h
index d346f4849cea3ff15768e9d7b21983d6cd05b3b4..bf5172e2c3f7d1791d19fa348c163e1b4782c5e8 100644 (file)
--- a/security/safesetid/lsm.h
+++ b/security/safesetid/lsm.h
@@ -70,4 +70,6 @@ enum sid_policy_type _setid_policy_lookup(struct setid_ruleset *policy,
 extern struct setid_ruleset __rcu *safesetid_setuid_rules;
 extern struct setid_ruleset __rcu *safesetid_setgid_rules;
 
+int safesetid_init_securityfs(void);
+
 #endif /* _SAFESETID_H */

diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c
index 8e1ffd70b18ab4d9745d3298bb7fcf63d4bfbbe5..ece259f75b0d0c8fd149d457ee78817491316094 100644 (file)
--- a/security/safesetid/securityfs.c
+++ b/security/safesetid/securityfs.c
@@ -308,7 +308,7 @@ static const struct file_operations safesetid_gid_file_fops = {
        .write = safesetid_gid_file_write,
 };
 
-static int __init safesetid_init_securityfs(void)
+int __init safesetid_init_securityfs(void)
 {
        int ret;
        struct dentry *policy_dir;
@@ -345,4 +345,3 @@ error:
        securityfs_remove(policy_dir);
        return ret;
 }
-fs_initcall(safesetid_init_securityfs);