Short-circuit calls to kauth_authorize_action() for a scope withtout any

listeners to always return "allow".

The idea is that it's not entirely unlikely that some vendors, or users,
will decide to load the security model as an LKM, and that can only
happen after at least mounting local file-systems. If we would not have
this fast-path, all authorization requests would be denied.

okay christos@

sys/kern/kern_auth.c

@@ -1,4 +1,4 @@
-/* $NetBSD: kern_auth.c,v 1.17 2006/08/20 15:05:14 christos Exp $ */
+/* $NetBSD: kern_auth.c,v 1.18 2006/09/02 20:10:24 elad Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
@@ -701,6 +701,10 @@ kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred,
 	if (cred == NOCRED || cred == FSCRED)
 		return (0);
 
+	/* Short-circuit requests when there are no listeners. */
+	if (SIMPLEQ_EMPTY(&scope->listenq))
+		return (0);
+
 	/*
 	 * Each scope is associated with at least one listener. We need to
 	 * traverse that list of listeners, as long as they return either