The init, start and stop routines of each secmodel(9) are managed by its own
secmodel module(7), so there is no point in calling suser/securelevel routines from bsd44. Calling them there leads to unwanted cross-secmodel dependencies. Do not call secmodel_bsd44_init() from secmodel_overlay_init(). Doing so resets all curtain/securelevel values, which is not really needed when loading an overlay filter. Remove the secmodel_register/deregister comments; they will be implemented differently in an upcoming patch. ok elad@ (via private mail).
parent
35de13d139
commit
80a390c3fa
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: secmodel_bsd44.c,v 1.13 2009/10/02 18:50:13 elad Exp $ */
|
||||
/* $NetBSD: secmodel_bsd44.c,v 1.14 2011/11/28 22:28:33 jym Exp $ */
|
||||
/*-
|
||||
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
|
||||
* All rights reserved.
|
||||
|
@ -27,7 +27,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.13 2009/10/02 18:50:13 elad Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.14 2011/11/28 22:28:33 jym Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
|
@ -79,26 +79,19 @@ sysctl_security_bsd44_setup(struct sysctllog **clog)
|
|||
void
|
||||
secmodel_bsd44_init(void)
|
||||
{
|
||||
secmodel_suser_init();
|
||||
secmodel_securelevel_init();
|
||||
|
||||
}
|
||||
|
||||
void
|
||||
secmodel_bsd44_start(void)
|
||||
{
|
||||
secmodel_suser_start();
|
||||
secmodel_securelevel_start();
|
||||
|
||||
/* secmodel_register(); */
|
||||
}
|
||||
|
||||
void
|
||||
secmodel_bsd44_stop(void)
|
||||
{
|
||||
secmodel_suser_stop();
|
||||
secmodel_securelevel_stop();
|
||||
|
||||
/* secmodel_deregister(); */
|
||||
}
|
||||
|
||||
static int
|
||||
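Review bot: secmodel_bsd44_init(), secmodel_bsd44_start() and secmodel_bsd44_stop() no longer bring suser and securelevel up or down, so any configuration that still reaches those two policies only through bsd44 would end up with none of their listeners attached. The rendered page has lost its +/- markers, so the emptied bodies are inferred from the commit message and from the hunk header (26 lines before, 19 after). It is worth confirming that the bsd44 module declares suser and securelevel as dependencies, and adding a comment in each body such as `/* suser and securelevel are started and stopped by their own modules */` so the empty functions are not read as an omission.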
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: secmodel_overlay.c,v 1.10 2009/10/02 18:50:13 elad Exp $ */
|
||||
/* $NetBSD: secmodel_overlay.c,v 1.11 2011/11/28 22:28:34 jym Exp $ */
|
||||
/*-
|
||||
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
|
||||
* All rights reserved.
|
||||
|
@ -27,7 +27,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: secmodel_overlay.c,v 1.10 2009/10/02 18:50:13 elad Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: secmodel_overlay.c,v 1.11 2011/11/28 22:28:34 jym Exp $");
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
|
@ -123,8 +123,6 @@ secmodel_overlay_init(void)
|
|||
secmodel_suser_device_cb, NULL);
|
||||
kauth_listen_scope(OVERLAY_ISCOPE_DEVICE,
|
||||
secmodel_securelevel_device_cb, NULL);
|
||||
|
||||
secmodel_bsd44_init();
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -178,8 +176,6 @@ secmodel_overlay_start(void)
|
|||
secmodel_overlay_device_cb, NULL);
|
||||
l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
|
||||
secmodel_overlay_vnode_cb, NULL);
|
||||
|
||||
/* secmodel_register(); */
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -205,7 +201,8 @@ secmodel_overlay_modcmd(modcmd_t cmd, void *arg)
|
|||
switch (cmd) {
|
||||
case MODULE_CMD_INIT:
|
||||
secmodel_overlay_init();
|
||||
secmodel_bsd44_stop();
|
||||
secmodel_suser_stop();
|
||||
secmodel_securelevel_stop();
|
||||
secmodel_overlay_start();
|
||||
sysctl_security_overlay_setup(&sysctl_overlay_log);
|
||||
break;
|
||||
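Review bot: In the MODULE_CMD_INIT case, `secmodel_suser_stop();` and `secmodel_securelevel_stop();` run before `secmodel_overlay_start();`, so for a short interval neither the stock listeners nor the overlay's appear to be attached to the kauth scopes. What an authorization request receives in that interval depends on kauth's result when no listener answers, which this page does not show. Calling `secmodel_overlay_start();` ahead of the two stop calls, or a comment stating why the gap is harmless during module load, would settle it. The overlay also stops two secmodels it does not own without checking that they are running. The switch continues outside the hunk, so the MODULE_CMD_FINI path that should restart them is not visible here.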
|
|