Commit Graph

5 Commits

Author SHA1 Message Date
elad
414eb0a314 Move dovfsusermount to secmodel_bsd44, where it really belongs.
The secmodel code now creates the same knob in two places: both under the
secmodel itself, as well as the widely known location.

Mailing list references:

    http://mail-index.netbsd.org/source-changes/2009/05/02/msg220641.html
    http://mail-index.netbsd.org/tech-kern/2009/05/03/msg005015.html
2009-05-03 21:25:44 +00:00
elad
6887492c26 Make securelevel a "secmodel" of its own.
While it's true that it's part of the traditional 4.4BSD security model,
there may come a time where a different "primary" security model used for
fine-grained privileges (ie., splitting root's responsibilities to various
privileges that can be assigned) may want to still have a securelevel
setting.

Idea from Daniel Carosone:

  http://mail-index.netbsd.org/tech-security/2006/08/25/0001.html

The location of the removed files, for reference, was:

  src/secmodel/bsd44/secmodel_bsd44_securelevel.c
  src/secmodel/bsd44/securelevel.h
2007-11-21 22:49:05 +00:00
elad
76f1c03beb Remove advertising clause from all of my stuff. 2007-01-09 12:57:56 +00:00
elad
c2ea23c509 Add __KERNEL_RCSID(), requested by and okay xtraeme@. 2006-09-08 21:57:38 +00:00
elad
5f7169ccb1 First take at security model abstraction.
- Add a few scopes to the kernel: system, network, and machdep.

- Add a few more actions/sub-actions (requests), and start using them as
  opposed to the KAUTH_GENERIC_ISSUSER place-holders.

- Introduce a basic set of listeners that implement our "traditional"
  security model, called "bsd44". This is the default (and only) model we
  have at the moment.

- Update all relevant documentation.

- Add some code and docs to help folks who want to actually use this stuff:

  * There's a sample overlay model, sitting on-top of "bsd44", for
    fast experimenting with tweaking just a subset of an existing model.

    This is pretty cool because it's *really* straightforward to do stuff
    you had to use ugly hacks for until now...

  * And of course, documentation describing how to do the above for quick
    reference, including code samples.

All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:

	http://kauth.linbsd.org/kauthwiki

NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:

  - Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
  - Checks 'securelevel' directly,
  - Checks a uid/gid directly.

(or if you feel you have to, contact me first)

This is still work in progress; It's far from being done, but now it'll
be a lot easier.

Relevant mailing list threads:

http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html

Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).

Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.

Happy birthday Randi! :)
2006-09-08 20:58:56 +00:00