landlock: Move code to ease future backports

To ease backports in setup.c, let's group changes from
__lsm_ro_after_init to __ro_after_init with commit f22f9aaf6c3d
("selinux: remove the runtime disable functionality"), and the
landlock_lsmid addition with commit f3b8788cde61 ("LSM: Identify modules
by more than name").

That will help to backport the following errata.

Cc: Günther Noack <gnoack@google.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20250318161443.279194-2-mic@digikod.net
Fixes: f3b8788cde61 ("LSM: Identify modules by more than name")
Signed-off-by: Mickaël Salaün <mic@digikod.net>

diff --git a/security/landlock/setup.c b/security/landlock/setup.c
index 28519a45b11ffb9c0674bf7c212999847c74d0fa..c71832a8e369d9452075880d107b4f2c75732a07 100644 (file)
--- a/security/landlock/setup.c
+++ b/security/landlock/setup.c
@@ -19,6 +19,11 @@
 
 bool landlock_initialized __ro_after_init = false;
 
+const struct lsm_id landlock_lsmid = {
+       .name = LANDLOCK_NAME,
+       .id = LSM_ID_LANDLOCK,
+};
+
 struct lsm_blob_sizes landlock_blob_sizes __ro_after_init = {
        .lbs_cred = sizeof(struct landlock_cred_security),
        .lbs_file = sizeof(struct landlock_file_security),
@@ -26,11 +31,6 @@ struct lsm_blob_sizes landlock_blob_sizes __ro_after_init = {
        .lbs_superblock = sizeof(struct landlock_superblock_security),
 };
 
-const struct lsm_id landlock_lsmid = {
-       .name = LANDLOCK_NAME,
-       .id = LSM_ID_LANDLOCK,
-};
-
 static int __init landlock_init(void)
 {
        landlock_add_cred_hooks();