On Fri, Nov 2, 2018 at 11:13 AM, Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote: > I don't recall why "integrity" is on the security_initcall, while both > IMA and EVM are on the late_initcall(). It's because integrity needs to have a VFS buffer allocated extremely early, so it used the security init to do it. While it's not an LSM, it does use this part of LSM infrastructure. I didn't see an obvious alternative at the time, but now that I think about it, maybe just a simple postcore_initcall() would work? -Kees -- Kees Cook
