On Thu, Apr 10, 2025 at 07:13:11AM -0700, Casey Schaufler wrote:
> On 4/9/2025 11:49 AM, Paul Moore wrote:
> > This is one of those patchsets that started out small and then quickly
> > expanded to what you see here. I will warn you that some of the
> > individual patches are a bit ugly to look at, but I believe the end
> > result is much cleaner than what we have now, fixes some odd/undesirable
> > behavior on boot, and enables some new functionality.
> >
> > The most obvious changes are the extraction of the LSM notifier and
> > initialization code out of security/security.c and into their own files,
> > security/lsm_notifier.c and security/lsm_init.c. While not strictly
> > necessary, I think we can all agree that security/security.c has grown
> > to be a bit of a mess, and these are two bits of functionality which
> > can be extracted out into their own files without too much fuss. I
> > personally find this to be a nice quality-of-life improvement, and while
> > I'm open to keeping everything in security.c, the argument for doing so
> > is going to need to be *very* persuasive.
>
> It's something I've considered doing as part of the stacking work,
> but that I have eschewed in the spirit of churn reduction. I've no
> problem with it.

Yeah, to be clear, I'm a fan of these refactorings. :)

> There's a lot of churn here due to unnecessary name changes. I can't
> say they're unjustified, but the patch set is bigger than it needs to
> be, and more disruptive.

If renamings are desired, sure, let's do it, but I'd love to see them
very distinctly separated from logical changes.

--
Kees Cook