
[src/trunk]: src/sys/secmodel The secmodel(9)s init, start and stop routines ...



details:   https://anonhg.NetBSD.org/src/rev/688f1dcc1fd7
branches:  trunk
changeset: 771689:688f1dcc1fd7
user:      jym <jym%NetBSD.org@localhost>
date:      Mon Nov 28 22:28:33 2011 +0000

description:
The secmodel(9)s init, start and stop routines are managed by each
secmodel module(7), so there is no point in calling suser/securelevel
routines from bsd44. This leads to unwanted cross-secmodel dependencies.

Do not call secmodel_bsd44_init() from secmodel_overlay_init(). Doing so
resets all curtain/securelevel values, which is not really needed when
loading an overlay filter.

Remove the secmodel_register/deregister comments, they will be
implemented differently in an upcoming patch.

ok elad@ (via private mail).

diffstat:

 sys/secmodel/bsd44/secmodel_bsd44.c     |  13 +++----------
 sys/secmodel/overlay/secmodel_overlay.c |  11 ++++-------
 2 files changed, 7 insertions(+), 17 deletions(-)

diffs (92 lines):

diff -r f3e51d13efd0 -r 688f1dcc1fd7 sys/secmodel/bsd44/secmodel_bsd44.c
--- a/sys/secmodel/bsd44/secmodel_bsd44.c       Mon Nov 28 20:57:51 2011 +0000
+++ b/sys/secmodel/bsd44/secmodel_bsd44.c       Mon Nov 28 22:28:33 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44.c,v 1.13 2009/10/02 18:50:13 elad Exp $ */
+/* $NetBSD: secmodel_bsd44.c,v 1.14 2011/11/28 22:28:33 jym Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
  * All rights reserved.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.13 2009/10/02 18:50:13 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.14 2011/11/28 22:28:33 jym Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -79,26 +79,19 @@
 void
 secmodel_bsd44_init(void)
 {
-       secmodel_suser_init();
-       secmodel_securelevel_init();
+
 }
 
 void
 secmodel_bsd44_start(void)
 {
-       secmodel_suser_start();
-       secmodel_securelevel_start();
 
-       /* secmodel_register(); */
 }
 
 void
 secmodel_bsd44_stop(void)
 {
-       secmodel_suser_stop();
-       secmodel_securelevel_stop();
 
-       /* secmodel_deregister(); */
 }
 
 static int
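Review bot: secmodel_bsd44_init(), secmodel_bsd44_start() and secmodel_bsd44_stop() are left as empty, still-callable stubs with no comment. A caller that still expects them to attach or detach the suser and securelevel listeners now gets nothing, and no diagnostic. Because these are the entry points of a security model, state the no-op in each body, for example `/* Nothing to do: suser and securelevel are managed by their own secmodel modules. */`, and confirm that no caller outside this diff relies on the old behaviour. The hunk ends at the `static int` that opens the next function, which is not shown.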
diff -r f3e51d13efd0 -r 688f1dcc1fd7 sys/secmodel/overlay/secmodel_overlay.c
--- a/sys/secmodel/overlay/secmodel_overlay.c   Mon Nov 28 20:57:51 2011 +0000
+++ b/sys/secmodel/overlay/secmodel_overlay.c   Mon Nov 28 22:28:33 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_overlay.c,v 1.10 2009/10/02 18:50:13 elad Exp $ */
+/* $NetBSD: secmodel_overlay.c,v 1.11 2011/11/28 22:28:34 jym Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
  * All rights reserved.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_overlay.c,v 1.10 2009/10/02 18:50:13 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_overlay.c,v 1.11 2011/11/28 22:28:34 jym Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -123,8 +123,6 @@
            secmodel_suser_device_cb, NULL);
        kauth_listen_scope(OVERLAY_ISCOPE_DEVICE,
            secmodel_securelevel_device_cb, NULL);
-
-       secmodel_bsd44_init();
 }
 
 void
@@ -178,8 +176,6 @@
            secmodel_overlay_device_cb, NULL);
        l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
            secmodel_overlay_vnode_cb, NULL);
-
-       /* secmodel_register(); */
 }
 
 /*
@@ -205,7 +201,8 @@
        switch (cmd) {
        case MODULE_CMD_INIT:
                secmodel_overlay_init();
-               secmodel_bsd44_stop();
+               secmodel_suser_stop();
+               secmodel_securelevel_stop();
                secmodel_overlay_start();
                sysctl_security_overlay_setup(&sysctl_overlay_log);
                break;
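Review bot: In the MODULE_CMD_INIT case, `secmodel_suser_stop()` and `secmodel_securelevel_stop()` run before `secmodel_overlay_start()`, so between those calls neither the suser/securelevel listeners nor the overlay listeners appear to be attached to the kauth scopes. What an authorization request receives in that interval depends on how kauth treats a scope with no listener, which is not visible here; if it resolves to allow, loading the module opens a short fail-open gap. If having both sets of listeners attached at once is harmless, calling `secmodel_overlay_start();` before the two stop calls would close it; otherwise add a comment saying why the gap is acceptable at load time. The ordering predates this commit, and the rest of the switch, including whatever MODULE_CMD_FINI does to restore suser and securelevel, lies outside the hunk.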


