Move dovfsusermount to secmodel_bsd44, where it really belongs.

The secmodel code now creates the same knob in two places: both under the secmodel itself, as well as the widely known location. Mailing list references: http://mail-index.netbsd.org/source-changes/2009/05/02/msg220641.html http://mail-index.netbsd.org/tech-kern/2009/05/03/msg005015.html
2009-05-03 21:25:44 +00:00 · 2009-05-03 21:25:44 +00:00 · 414eb0a314
commit 414eb0a314
parent 55a30cc8cc
5 changed files with 45 additions and 19 deletions
--- a/sys/conf/param.c
+++ b/sys/conf/param.c
@ -1,4 +1,4 @@
-/*	$NetBSD: param.c,v 1.61 2009/05/02 14:13:28 pooka Exp $	*/
+/*	$NetBSD: param.c,v 1.62 2009/05/03 21:25:44 elad Exp $	*/

 /*
 * Copyright (c) 1980, 1986, 1989 Regents of the University of California.
@ -37,7 +37,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: param.c,v 1.61 2009/05/02 14:13:28 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: param.c,v 1.62 2009/05/03 21:25:44 elad Exp $");

 #include "opt_hz.h"
 #include "opt_rtc_offset.h"
@ -131,8 +131,6 @@ u_int	maxcpus = 1;
 size_t	coherency_unit = ALIGNBYTES + 1;
 #endif

-int	dovfsusermount = 0;
-
 /*
 * Various mbuf-related parameters.  These can also be changed at run-time
 * with sysctl.
--- a/sys/kern/vfs_init.c
+++ b/sys/kern/vfs_init.c
@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_init.c,v 1.43 2009/01/17 07:02:35 yamt Exp $	*/
+/*	$NetBSD: vfs_init.c,v 1.44 2009/05/03 21:25:44 elad Exp $	*/

 /*-
 * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc.
@ -67,7 +67,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_init.c,v 1.43 2009/01/17 07:02:35 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_init.c,v 1.44 2009/05/03 21:25:44 elad Exp $");

 #include <sys/param.h>
 #include <sys/mount.h>
@ -147,7 +147,6 @@ static struct sysctllog *vfs_sysctllog;
 static void
 sysctl_vfs_setup(void)
 {
-	extern int dovfsusermount;
 	extern int vfs_magiclinks;

 	sysctl_createv(&vfs_sysctllog, 0, NULL, NULL,
@ -161,13 +160,6 @@ sysctl_vfs_setup(void)
 		       SYSCTL_DESCR("Non-specific vfs related information"),
 		       NULL, 0, NULL, 0,
 		       CTL_VFS, VFS_GENERIC, CTL_EOL);
-	sysctl_createv(&vfs_sysctllog, 0, NULL, NULL,
-		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
-		       CTLTYPE_INT, "usermount",
-		       SYSCTL_DESCR("Whether unprivileged users may mount "
-				    "filesystems"),
-		       NULL, 0, &dovfsusermount, 0,
-		       CTL_VFS, VFS_GENERIC, VFS_USERMOUNT, CTL_EOL);
 	sysctl_createv(&vfs_sysctllog, 0, NULL, NULL,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_STRING, "fstypes",
--- a/sys/secmodel/bsd44/secmodel_bsd44.c
+++ b/sys/secmodel/bsd44/secmodel_bsd44.c
@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44.c,v 1.11 2007/11/21 22:49:07 elad Exp $ */
+/* $NetBSD: secmodel_bsd44.c,v 1.12 2009/05/03 21:25:44 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
@ -27,13 +27,14 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.11 2007/11/21 22:49:07 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.12 2009/05/03 21:25:44 elad Exp $");

 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kauth.h>

 #include <sys/sysctl.h>
+#include <sys/mount.h>

 #include <secmodel/secmodel.h>

@ -92,6 +93,38 @@ SYSCTL_SETUP(sysctl_security_bsd44_setup,
 				    "users not owning them."),
 		       NULL, 0, &secmodel_bsd44_curtain, 0,
 		       CTL_CREATE, CTL_EOL);
+
+	sysctl_createv(clog, 0, &rnode, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		       CTLTYPE_INT, "usermount",
+		       SYSCTL_DESCR("Whether unprivileged users may mount "
+				    "filesystems"),
+		       NULL, 0, &dovfsusermount, 0,
+		       CTL_CREATE, CTL_EOL);
+
+
+	/*
+	 * For compatibility, create the "dovfsusermount" variable in its
+	 * original location.
+	 */
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_NODE, "vfs", NULL,
+		       NULL, 0, NULL, 0,
+		       CTL_VFS, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_NODE, "generic",
+		       SYSCTL_DESCR("Non-specific vfs related information"),
+		       NULL, 0, NULL, 0,
+		       CTL_VFS, VFS_GENERIC, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		       CTLTYPE_INT, "usermount",
+		       SYSCTL_DESCR("Whether unprivileged users may mount "
+				    "filesystems"),
+		       NULL, 0, &dovfsusermount, 0,
+		       CTL_VFS, VFS_GENERIC, VFS_USERMOUNT, CTL_EOL);
 }

 void
--- a/sys/secmodel/bsd44/secmodel_bsd44_logic.c
+++ b/sys/secmodel/bsd44/secmodel_bsd44_logic.c
@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_bsd44_logic.c,v 1.4 2007/11/21 22:49:07 elad Exp $ */
+/* $NetBSD: secmodel_bsd44_logic.c,v 1.5 2009/05/03 21:25:44 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
@ -27,7 +27,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_logic.c,v 1.4 2007/11/21 22:49:07 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_logic.c,v 1.5 2009/05/03 21:25:44 elad Exp $");

 #include <sys/types.h>
 #include <sys/param.h>
@ -40,6 +40,7 @@ __KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_logic.c,v 1.4 2007/11/21 22:49:07 ela
 #include <secmodel/securelevel/securelevel.h>

 int secmodel_bsd44_curtain;
+int dovfsusermount;

 /*
 * Initialize the traditional NetBSD security model.
@ -49,4 +50,5 @@ secmodel_bsd44_init(void)
 {
 	secmodel_securelevel_init();
 	secmodel_bsd44_curtain = 0;
+	dovfsusermount = 0;
 }
--- a/sys/secmodel/bsd44/suser.h
+++ b/sys/secmodel/bsd44/suser.h
@ -1,4 +1,4 @@
-/* $NetBSD: suser.h,v 1.4 2007/01/09 12:57:56 elad Exp $ */
+/* $NetBSD: suser.h,v 1.5 2009/05/03 21:25:44 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
@ -30,6 +30,7 @@
 #define	_SECMODEL_BSD44_SUSER_H_

 extern int secmodel_bsd44_curtain;
+extern int dovfsusermount;

 void secmodel_bsd44_suser_start(void);