Module Name: src Committed By: jym Date: Mon Nov 28 22:28:34 UTC 2011
Modified Files: src/sys/secmodel/bsd44: secmodel_bsd44.c src/sys/secmodel/overlay: secmodel_overlay.c Log Message: The secmodel(9)s init, start and stop routines are managed by each secmodel module(7), so there is no point in calling suser/securelevel routines from bsd44. This leads to unwanted cross-secmodel dependencies. Do not call secmodel_bsd44_init() from secmodel_overlay_init(). Doing so resets all curtain/securelevel values, which is not really needed when loading an overlay filter. Remove the secmodel_register/deregister comments, they will be implemented differently in an upcoming patch. ok elad@ (via private mail). To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/sys/secmodel/bsd44/secmodel_bsd44.c cvs rdiff -u -r1.10 -r1.11 src/sys/secmodel/overlay/secmodel_overlay.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/secmodel/bsd44/secmodel_bsd44.c diff -u src/sys/secmodel/bsd44/secmodel_bsd44.c:1.13 src/sys/secmodel/bsd44/secmodel_bsd44.c:1.14 --- src/sys/secmodel/bsd44/secmodel_bsd44.c:1.13 Fri Oct 2 18:50:13 2009 +++ src/sys/secmodel/bsd44/secmodel_bsd44.c Mon Nov 28 22:28:33 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_bsd44.c,v 1.13 2009/10/02 18:50:13 elad Exp $ */ +/* $NetBSD: secmodel_bsd44.c,v 1.14 2011/11/28 22:28:33 jym Exp $ */ /*- * Copyright (c) 2006 Elad Efrat <e...@netbsd.org> * All rights reserved. @@ -27,7 +27,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.13 2009/10/02 18:50:13 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.14 2011/11/28 22:28:33 jym Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -79,26 +79,19 @@ sysctl_security_bsd44_setup(struct sysct void secmodel_bsd44_init(void) { - secmodel_suser_init(); - secmodel_securelevel_init(); + } void secmodel_bsd44_start(void) { - secmodel_suser_start(); - secmodel_securelevel_start(); - /* secmodel_register(); */ } void secmodel_bsd44_stop(void) { - secmodel_suser_stop(); - secmodel_securelevel_stop(); - /* secmodel_deregister(); */ } static int Index: src/sys/secmodel/overlay/secmodel_overlay.c diff -u src/sys/secmodel/overlay/secmodel_overlay.c:1.10 src/sys/secmodel/overlay/secmodel_overlay.c:1.11 --- src/sys/secmodel/overlay/secmodel_overlay.c:1.10 Fri Oct 2 18:50:13 2009 +++ src/sys/secmodel/overlay/secmodel_overlay.c Mon Nov 28 22:28:34 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: secmodel_overlay.c,v 1.10 2009/10/02 18:50:13 elad Exp $ */ +/* $NetBSD: secmodel_overlay.c,v 1.11 2011/11/28 22:28:34 jym Exp $ */ /*- * Copyright (c) 2006 Elad Efrat <e...@netbsd.org> * All rights reserved. 
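Review bot: After this hunk `secmodel_bsd44_init()`, `secmodel_bsd44_start()` and `secmodel_bsd44_stop()` have empty bodies with nothing in the code saying this is deliberate, and the init body gains a stray blank line. Any caller that still relies on these entry points to bring the suser and securelevel listeners up or down now gets a silent no-op. Callers are outside this diff, so it is worth confirming that each remaining one starts and stops those secmodels through their own modules. I would put a comment in each body, for example `/* Nothing to do: suser and securelevel are set up by their own modules. */`, and drop the added blank line.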
@@ -27,7 +27,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: secmodel_overlay.c,v 1.10 2009/10/02 18:50:13 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: secmodel_overlay.c,v 1.11 2011/11/28 22:28:34 jym Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -123,8 +123,6 @@ secmodel_overlay_init(void) secmodel_suser_device_cb, NULL); kauth_listen_scope(OVERLAY_ISCOPE_DEVICE, secmodel_securelevel_device_cb, NULL); - - secmodel_bsd44_init(); } void @@ -178,8 +176,6 @@ secmodel_overlay_start(void) secmodel_overlay_device_cb, NULL); l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE, secmodel_overlay_vnode_cb, NULL); - - /* secmodel_register(); */ } /* @@ -205,7 +201,8 @@ secmodel_overlay_modcmd(modcmd_t cmd, vo switch (cmd) { case MODULE_CMD_INIT: secmodel_overlay_init(); - secmodel_bsd44_stop(); + secmodel_suser_stop(); + secmodel_securelevel_stop(); secmodel_overlay_start(); sysctl_security_overlay_setup(&sysctl_overlay_log); break;
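Review bot: In the `MODULE_CMD_INIT` case the suser and securelevel listeners are stopped before `secmodel_overlay_start()` registers the overlay listeners, so there appears to be a window in which the kauth scopes have no listener at all. How kauth decides a request in that state is not visible here. Either call `secmodel_overlay_start()` before `secmodel_suser_stop(); secmodel_securelevel_stop();`, if briefly having both sets registered is acceptable, or add a comment explaining why the gap is safe at module load time. The switch continues outside the hunk; if the unload path restores the underlying listeners through `secmodel_bsd44_start()`, that call is now a no-op and needs the same replacement.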