On Wed Jun 16 2010 at 04:13:54 -0700, Paul Goyette wrote: > >With the current ways of secmodel register, I'd be damn careful to not > >push it around. The effect is that if it's called 0 times, you have a > >system which allows everything. So if your suggestion is implemented > >and you're testing a new secmodel which buggily omits register alongside > >another correctly registering secmodel, things will appear to work fine, > >But if in some scenario the buggy one is loaded alone, well ... welcome > >to the wishing well. > > I had some concern about this as well, wondering if I would be able to > be sure I'd found all the secmodel modules that might exist.
Especially ones which aren't in src! > Perhaps it would be best to retain MODULE_CLASS_SECMODEL and also add > the suggested MODULE_CLASS_EARLY? That would be my vote. But, "early" is a little vague. What if in the future we want modules which are initialized even earlier. Will those be called MODULE_CLASS_EARLIER_THAN_EARLY? If the class means "intialized before autoconf", why not use that in the name? > >Also, the modclass id is exported to userland and used as an index to > >a table in modstat. I think I filed a PR about this being suboptimal. > > Yeah, I was planning to update modstat(8) as well. The better choice is to update modctl(2) to pass down the information as a proplist. That way even module classes are pluggable and other information is easy to add if necessary. I'm secretly hoping someone will do this before 6.0 ... ;)