Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/kern Don't allow disabling a builtin secmodel: too many ...
details: https://anonhg.NetBSD.org/src/rev/60d28d3dc806
branches: trunk
changeset: 762456:60d28d3dc806
user: pooka <pooka%NetBSD.org@localhost>
date: Mon Feb 21 09:53:06 2011 +0000
description:
Don't allow disabling a builtin secmodel: too many questionable
security implications.
diffstat:
sys/kern/kern_module.c | 13 +++++++++++--
1 files changed, 11 insertions(+), 2 deletions(-)
diffs (34 lines):
diff -r e5d5e19cff36 -r 60d28d3dc806 sys/kern/kern_module.c
--- a/sys/kern/kern_module.c Mon Feb 21 09:29:21 2011 +0000
+++ b/sys/kern/kern_module.c Mon Feb 21 09:53:06 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_module.c,v 1.75 2011/01/14 10:18:21 martin Exp $ */
+/* $NetBSD: kern_module.c,v 1.76 2011/02/21 09:53:06 pooka Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.75 2011/01/14 10:18:21 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.76 2011/02/21 09:53:06 pooka Exp $");
#define _MODULE_INTERNAL
@@ -1129,6 +1129,15 @@
module_print("module `%s' busy", name);
return EBUSY;
}
+
+ /*
+ * Builtin secmodels are there to stay.
+ */
+ if (mod->mod_source == MODULE_SOURCE_KERNEL &&
+ mod->mod_info->mi_class == MODULE_CLASS_SECMODEL) {
+ return EPERM;
+ }
+
prev_active = module_active;
module_active = mod;
error = (*mod->mod_info->mi_modcmd)(MODULE_CMD_FINI, NULL);
Home |
Main Index |
Thread Index |
Old Index