Seen in security/Makefile:
% git blame security/Makefile
...
^1da177e (Linus Torvalds 2005-04-16 15:20:36 -0700 15)
^1da177e (Linus Torvalds 2005-04-16 15:20:36 -0700 16) # Object file lists
da31894e (Eric Paris 2008-08-22 11:35:57 -0400 17) obj-$(CONFIG_SECURITY) += security.o capability.o
da31894e (Eric Paris 2008-08-22 11:35:57 -0400 18) obj-$(CONFIG_SECURITYFS) += inode.o
^1da177e (Linus Torvalds 2005-04-16 15:20:36 -0700 19) # Must precede capability.o in order to stack properly.
^1da177e (Linus Torvalds 2005-04-16 15:20:36 -0700 20) obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
5915eb53 (Miklos Szeredi 2008-07-03 20:56:05 +0200 21) obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
...
What's wrong with this picture? Line 19 looks more than slightly confused,
and it has been for several years....
>From 4675ca3470e3c2e325c5be6d9a11f47ac0917537 Mon Sep 17 00:00:00 2001
From: Eric Paris <[email protected]>
Date: Tue, 10 Sep 2013 09:51:50 -0400
Subject: [PATCH] security: remove erroneous comment about capabilities.o link
ordering
Back when we had half ass LSM stacking we had to link capabilities.o
after bigger LSMs so that on initialization the bigger LSM would
register first and the capabilities module would be the one stacked as
the 'seconday'. Somewhere around 6f0f0fd496333777d53 (back in 2008) we
finally removed the last of the kinda module stacking code but this
comment in the makefile still lives today.
Reported-by: Valdis Kletnieks <[email protected]>
Signed-off-by: Eric Paris <[email protected]>
---
security/Makefile | 1 -
1 file changed, 1 deletion(-)
diff --git a/security/Makefile b/security/Makefile
index c26c81e..a5918e0 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -16,7 +16,6 @@ obj-$(CONFIG_MMU) += min_addr.o
# Object file lists
obj-$(CONFIG_SECURITY) += security.o capability.o
obj-$(CONFIG_SECURITYFS) += inode.o
-# Must precede capability.o in order to stack properly.
obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
obj-$(CONFIG_AUDIT) += lsm_audit.o
On Tue, 10 Sep 2013, Eric Paris wrote:
> >From 4675ca3470e3c2e325c5be6d9a11f47ac0917537 Mon Sep 17 00:00:00 2001
> From: Eric Paris <[email protected]>
> Date: Tue, 10 Sep 2013 09:51:50 -0400
> Subject: [PATCH] security: remove erroneous comment about capabilities.o link
> ordering
>
> Back when we had half ass LSM stacking we had to link capabilities.o
> after bigger LSMs so that on initialization the bigger LSM would
> register first and the capabilities module would be the one stacked as
> the 'seconday'. Somewhere around 6f0f0fd496333777d53 (back in 2008) we
> finally removed the last of the kinda module stacking code but this
> comment in the makefile still lives today.
>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
--
James Morris
<[email protected]>