Source-Changes-HG archive


[src/trunk]: src/sbin/init Keep an internal variable indicating whether secur...



details:   https://anonhg.NetBSD.org/src/rev/34bb5204bd3f
branches:  trunk
changeset: 750387:34bb5204bd3f
user:      elad <elad%NetBSD.org@localhost>
date:      Tue Dec 29 17:07:17 2009 +0000

description:
Keep an internal variable indicating whether securelevel is present, and
don't blindly try to get/set it. Prevents error messages that don't make
sense if securelevel isn't supported by the kernel.

diffstat:

 sbin/init/init.c |  43 +++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 41 insertions(+), 2 deletions(-)

diffs (94 lines):

diff -r 78c45358a959 -r 34bb5204bd3f sbin/init/init.c
--- a/sbin/init/init.c  Tue Dec 29 17:06:10 2009 +0000
+++ b/sbin/init/init.c  Tue Dec 29 17:07:17 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: init.c,v 1.99 2009/11/22 18:40:26 mbalmer Exp $        */
+/*     $NetBSD: init.c,v 1.100 2009/12/29 17:07:17 elad Exp $  */
 
 /*-
  * Copyright (c) 1991, 1993
@@ -42,7 +42,7 @@
 #if 0
 static char sccsid[] = "@(#)init.c     8.2 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: init.c,v 1.99 2009/11/22 18:40:26 mbalmer Exp $");
+__RCSID("$NetBSD: init.c,v 1.100 2009/12/29 17:07:17 elad Exp $");
 #endif
 #endif /* not lint */
 
@@ -170,8 +170,10 @@
 pid_t start_getty(session_t *);
 void transition_handler(int);
 void alrm_handler(int);
+int has_securelevel(void);
 void setsecuritylevel(int);
 int getsecuritylevel(void);
+int securelevel_present;
 int setupargv(session_t *, struct ttyent *);
 int clang;
 
@@ -325,6 +327,13 @@
 #endif /* !LETS_GET_SMALL && CHROOT*/
 
        /*
+        * Securelevel might not be supported by the kernel. Query for it, and
+        * set a variable indicating whether we should attempt anything with it
+        * or not.
+        */
+       securelevel_present = has_securelevel();
+
+       /*
         * Start the state machine.
         */
        transition(requested_transition);
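Review bot: When `has_securelevel()` returns 0 here, nothing records that fact, and the guards this commit adds to getsecuritylevel() and setsecuritylevel() then turn every securelevel operation into a silent no-op. On a kernel built without securelevel that is the intended quiet path, but an operator who expects the level to be raised on the way to multi-user gets no indication that it was not. One informational line after the assignment would cover it, for example `if (!securelevel_present) warning("securelevel not supported by this kernel; not enforcing it");`, assuming the file's `warning()` logging helper (not visible in this hunk) is usable this early. main() starts and ends outside the hunk.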
@@ -481,6 +490,30 @@
 }
 
 /*
+ * Check if securelevel is present.
+ */
+int
+has_securelevel(void)
+{
+#ifdef KERN_SECURELVL
+       int name[2], curlevel;
+       size_t len;
+
+       name[0] = CTL_KERN;
+       name[1] = KERN_SECURELVL;
+       len = sizeof curlevel;
+       if (sysctl(name, 2, &curlevel, &len, NULL, 0) == -1) {
+               /* If it doesn't exist, it's okay. */
+               if (errno == ENOENT) 
+                       return 0;
+       }
+       return 1;
+#else
+       return 0;
+#endif
+}
+
+/*
  * Get the security level of the kernel.
  */
 int
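Review bot: In has_securelevel(), a sysctl() failure with any errno other than ENOENT falls through to `return 1`, and the only comment covers the ENOENT case. That looks deliberate, since the later get/set calls would then report the real error, but the reader has to infer it. I would add `/* Any other failure: treat securelevel as present so the later get/set calls report the error. */` above `return 1;`, and collapse the nested test into `if (sysctl(name, 2, &curlevel, &len, NULL, 0) == -1 && errno == ENOENT)`. The last lines of the hunk open getsecuritylevel(), which continues outside it.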
@@ -490,6 +523,9 @@
        int name[2], curlevel;
        size_t len;
 
+       if (!securelevel_present)
+               return -1;
+
        name[0] = CTL_KERN;
        name[1] = KERN_SECURELVL;
        len = sizeof curlevel;
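Review bot: The new early `return -1` in getsecuritylevel() reuses a value that is also a real securelevel (-1, the permanently insecure setting), so a caller cannot tell "this kernel has no securelevel" from "securelevel is -1". For init that is probably harmless, because in both cases it should not try to raise the level, but the callers are outside this hunk and the contract is not written down. I would extend the header comment to `Get the security level of the kernel. Returns -1 if securelevel is not present, which is indistinguishable from a securelevel of -1.` The function's signature and the rest of its body are outside the hunk.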
@@ -512,6 +548,9 @@
 #ifdef KERN_SECURELVL
        int name[2], curlevel;
 
+       if (!securelevel_present)
+               return;
+
        curlevel = getsecuritylevel();
        if (newlevel == curlevel)
                return;


