Module Name: src
Committed By: jym
Date: Mon Nov 28 22:28:34 UTC 2011
Modified Files:
src/sys/secmodel/bsd44: secmodel_bsd44.c
src/sys/secmodel/overlay: secmodel_overlay.c
Log Message:
The secmodel(9)s init, start and stop routines are managed by each
secmodel module(7), so there is no point in calling suser/securelevel
routines from bsd44. This leads to unwanted cross-secmodel dependencies.
Do not call secmodel_bsd44_init() from secmodel_overlay_init(). Doing so
resets all curtain/securelevel values, which is not really needed when
loading an overlay filter.
Remove the secmodel_register/deregister comments, they will be
implemented differently in an upcoming patch.
ok elad@ (via private mail).
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/sys/secmodel/bsd44/secmodel_bsd44.c
cvs rdiff -u -r1.10 -r1.11 src/sys/secmodel/overlay/secmodel_overlay.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/secmodel/bsd44/secmodel_bsd44.c
diff -u src/sys/secmodel/bsd44/secmodel_bsd44.c:1.13 src/sys/secmodel/bsd44/secmodel_bsd44.c:1.14
--- src/sys/secmodel/bsd44/secmodel_bsd44.c:1.13 Fri Oct 2 18:50:13 2009
+++ src/sys/secmodel/bsd44/secmodel_bsd44.c Mon Nov 28 22:28:33 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44.c,v 1.13 2009/10/02 18:50:13 elad Exp $ */
+/* $NetBSD: secmodel_bsd44.c,v 1.14 2011/11/28 22:28:33 jym Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
* All rights reserved.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.13 2009/10/02 18:50:13 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.14 2011/11/28 22:28:33 jym Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -79,26 +79,19 @@ sysctl_security_bsd44_setup(struct sysct
void
secmodel_bsd44_init(void)
{
- secmodel_suser_init();
- secmodel_securelevel_init();
+
}
void
secmodel_bsd44_start(void)
{
- secmodel_suser_start();
- secmodel_securelevel_start();
- /* secmodel_register(); */
}
void
secmodel_bsd44_stop(void)
{
- secmodel_suser_stop();
- secmodel_securelevel_stop();
- /* secmodel_deregister(); */
}
static int
Index: src/sys/secmodel/overlay/secmodel_overlay.c
diff -u src/sys/secmodel/overlay/secmodel_overlay.c:1.10 src/sys/secmodel/overlay/secmodel_overlay.c:1.11
--- src/sys/secmodel/overlay/secmodel_overlay.c:1.10 Fri Oct 2 18:50:13 2009
+++ src/sys/secmodel/overlay/secmodel_overlay.c Mon Nov 28 22:28:34 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_overlay.c,v 1.10 2009/10/02 18:50:13 elad Exp $ */
+/* $NetBSD: secmodel_overlay.c,v 1.11 2011/11/28 22:28:34 jym Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
* All rights reserved.
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_overlay.c,v 1.10 2009/10/02 18:50:13 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_overlay.c,v 1.11 2011/11/28 22:28:34 jym Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -123,8 +123,6 @@ secmodel_overlay_init(void)
secmodel_suser_device_cb, NULL);
kauth_listen_scope(OVERLAY_ISCOPE_DEVICE,
secmodel_securelevel_device_cb, NULL);
-
- secmodel_bsd44_init();
}
void
@@ -178,8 +176,6 @@ secmodel_overlay_start(void)
secmodel_overlay_device_cb, NULL);
l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
secmodel_overlay_vnode_cb, NULL);
-
- /* secmodel_register(); */
}
/*
@@ -205,7 +201,8 @@ secmodel_overlay_modcmd(modcmd_t cmd, vo
switch (cmd) {
case MODULE_CMD_INIT:
secmodel_overlay_init();
- secmodel_bsd44_stop();
+ secmodel_suser_stop();
+ secmodel_securelevel_stop();
secmodel_overlay_start();
sysctl_security_overlay_setup(&sysctl_overlay_log);
break;
