Move dovfsusermount to secmodel_bsd44, where it really belongs.
The secmodel code now creates the same knob in two places: under the secmodel itself and in the widely known location.
Mailing list references:
http://mail-index.netbsd.org/source-changes/2009/05/02/msg220641.html
http://mail-index.netbsd.org/tech-kern/2009/05/03/msg005015.html
diff -r1.61 -r1.62 src/sys/conf/param.c
(elad)
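--- a/src/sys/conf/param.c
+++ b/src/sys/conf/param.c
@@ -1,14 +1,14 @@
-/* $NetBSD: param.c,v 1.61 2009/05/02 14:13:28 pooka Exp $ */
+/* $NetBSD: param.c,v 1.62 2009/05/03 21:25:44 elad Exp $ */
 
 /*
 * Copyright (c) 1980, 1986, 1989 Regents of the University of California.
 * All rights reserved.
 * (c) UNIX System Laboratories, Inc.
 * All or some portions of this file are derived from material licensed
 * to the University of California by American Telephone and Telegraph
 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
 * the permission of UNIX System Laboratories, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -27,27 +27,27 @@
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#)param.c 7.20 (Berkeley) 6/27/91
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: param.c,v 1.61 2009/05/02 14:13:28 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: param.c,v 1.62 2009/05/03 21:25:44 elad Exp $");
 
 #include "opt_hz.h"
 #include "opt_rtc_offset.h"
 #include "opt_sysv.h"
 #include "opt_sysvparam.h"
 #include "opt_nmbclusters.h"
 #include "opt_multiprocessor.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/proc.h>
@@ -121,28 +121,26 @@ int maxproc = NPROC;
 int desiredvnodes = NVNODE;
 u_int maxfiles = MAXFILES;
 int fscale = FSCALE; /* kernel uses `FSCALE', user uses `fscale' */
 int maxexec = MAXEXEC; /* max number of concurrent exec() calls */
 
 #ifdef MULTIPROCESSOR
 u_int maxcpus = MAXCPUS;
 size_t coherency_unit = COHERENCY_UNIT;
 #else
 u_int maxcpus = 1;
 size_t coherency_unit = ALIGNBYTES + 1;
 #endif
 
-int dovfsusermount = 0;
-
 /*
 * Various mbuf-related parameters. These can also be changed at run-time
 * with sysctl.
 */
 int nmbclusters = NMBCLUSTERS;
 
 #ifndef MBLOWAT
 #define MBLOWAT 16
 #endif
 int mblowat = MBLOWAT;
 
 #ifndef MCLLOWAT
 #define MCLLOWAT 8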
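--- a/src/sys/kern/vfs_init.c
+++ b/src/sys/kern/vfs_init.c
@@ -1,14 +1,14 @@
-/* $NetBSD: vfs_init.c,v 1.43 2009/01/17 07:02:35 yamt Exp $ */
+/* $NetBSD: vfs_init.c,v 1.44 2009/05/03 21:25:44 elad Exp $ */
 
 /*-
 * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
 * NASA Ames Research Center.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
@@ -57,27 +57,27 @@
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#)vfs_init.c 8.5 (Berkeley) 5/11/95
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_init.c,v 1.43 2009/01/17 07:02:35 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_init.c,v 1.44 2009/05/03 21:25:44 elad Exp $");
 
 #include <sys/param.h>
 #include <sys/mount.h>
 #include <sys/time.h>
 #include <sys/vnode.h>
 #include <sys/stat.h>
 #include <sys/namei.h>
 #include <sys/ucred.h>
 #include <sys/buf.h>
 #include <sys/errno.h>
 #include <sys/kmem.h>
 #include <sys/systm.h>
 #include <sys/module.h>
@@ -137,48 +137,40 @@ vn_default_error(void *v)
 {
 
 return (EOPNOTSUPP);
 }
 
 static struct sysctllog *vfs_sysctllog;
 
 /*
 * Top level filesystem related information gathering.
 */
 static void
 sysctl_vfs_setup(void)
 {
-extern int dovfsusermount;
 extern int vfs_magiclinks;
 
 sysctl_createv(&vfs_sysctllog, 0, NULL, NULL,
 CTLFLAG_PERMANENT,
 CTLTYPE_NODE, "vfs", NULL,
 NULL, 0, NULL, 0,
 CTL_VFS, CTL_EOL);
 sysctl_createv(&vfs_sysctllog, 0, NULL, NULL,
 CTLFLAG_PERMANENT,
 CTLTYPE_NODE, "generic",
 SYSCTL_DESCR("Non-specific vfs related information"),
 NULL, 0, NULL, 0,
 CTL_VFS, VFS_GENERIC, CTL_EOL);
 sysctl_createv(&vfs_sysctllog, 0, NULL, NULL,
-CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
-CTLTYPE_INT, "usermount",
-SYSCTL_DESCR("Whether unprivileged users may mount "
-"filesystems"),
-NULL, 0, &dovfsusermount, 0,
-CTL_VFS, VFS_GENERIC, VFS_USERMOUNT, CTL_EOL);
-sysctl_createv(&vfs_sysctllog, 0, NULL, NULL,
 CTLFLAG_PERMANENT,
 CTLTYPE_STRING, "fstypes",
 SYSCTL_DESCR("List of file systems present"),
 sysctl_vfs_generic_fstypes, 0, NULL, 0,
 CTL_VFS, VFS_GENERIC, CTL_CREATE, CTL_EOL);
 sysctl_createv(&vfs_sysctllog, 0, NULL, NULL,
 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 CTLTYPE_INT, "magiclinks",
 SYSCTL_DESCR("Whether \"magic\" symlinks are expanded"),
 NULL, 0, &vfs_magiclinks, 0,
 CTL_VFS, VFS_GENERIC, VFS_MAGICLINKS, CTL_EOL);
 }
 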
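--- a/src/sys/secmodel/bsd44/secmodel_bsd44.c
+++ b/src/sys/secmodel/bsd44/secmodel_bsd44.c
@@ -1,14 +1,14 @@
-/* $NetBSD: secmodel_bsd44.c,v 1.11 2007/11/21 22:49:07 elad Exp $ */
+/* $NetBSD: secmodel_bsd44.c,v 1.12 2009/05/03 21:25:44 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
@@ -17,33 +17,34 @@
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.11 2007/11/21 22:49:07 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44.c,v 1.12 2009/05/03 21:25:44 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kauth.h>
 
 #include <sys/sysctl.h>
+#include <sys/mount.h>
 
 #include <secmodel/secmodel.h>
 
 #include <secmodel/bsd44/bsd44.h>
 #include <secmodel/bsd44/suser.h>
 #include <secmodel/securelevel/securelevel.h>
 
 SYSCTL_SETUP(sysctl_security_bsd44_setup,
 "sysctl security bsd44 setup")
 {
 const struct sysctlnode *rnode;
 
 sysctl_createv(clog, 0, NULL, &rnode,
@@ -82,26 +83,58 @@ SYSCTL_SETUP(sysctl_security_bsd44_setup
 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 CTLTYPE_INT, "securelevel",
 SYSCTL_DESCR("System security level"),
 secmodel_securelevel_sysctl, 0, NULL, 0,
 CTL_CREATE, CTL_EOL);
 
 sysctl_createv(clog, 0, &rnode, NULL,
 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 CTLTYPE_INT, "curtain",
 SYSCTL_DESCR("Curtain information about objects to "
 "users not owning them."),
 NULL, 0, &secmodel_bsd44_curtain, 0,
 CTL_CREATE, CTL_EOL);
+
+sysctl_createv(clog, 0, &rnode, NULL,
+CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+CTLTYPE_INT, "usermount",
+SYSCTL_DESCR("Whether unprivileged users may mount "
+"filesystems"),
+NULL, 0, &dovfsusermount, 0,
+CTL_CREATE, CTL_EOL);
+
+
+/*
+* For compatibility, create the "dovfsusermount" variable in its
+* original location.
+*/
+sysctl_createv(clog, 0, NULL, NULL,
+CTLFLAG_PERMANENT,
+CTLTYPE_NODE, "vfs", NULL,
+NULL, 0, NULL, 0,
+CTL_VFS, CTL_EOL);
+sysctl_createv(clog, 0, NULL, NULL,
+CTLFLAG_PERMANENT,
+CTLTYPE_NODE, "generic",
+SYSCTL_DESCR("Non-specific vfs related information"),
+NULL, 0, NULL, 0,
+CTL_VFS, VFS_GENERIC, CTL_EOL);
+sysctl_createv(clog, 0, NULL, NULL,
+CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+CTLTYPE_INT, "usermount",
+SYSCTL_DESCR("Whether unprivileged users may mount "
+"filesystems"),
+NULL, 0, &dovfsusermount, 0,
+CTL_VFS, VFS_GENERIC, VFS_USERMOUNT, CTL_EOL);
 }
 
 void
 secmodel_bsd44_start(void)
 {
 secmodel_bsd44_init();
 
 secmodel_bsd44_suser_start();
 secmodel_securelevel_start();
 
 secmodel_register();
 }
 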
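Review bot: In the compatibility block added to sysctl_security_bsd44_setup, the legacy `usermount` node and the new one created under `rnode` both point at `&dovfsusermount` with `CTLFLAG_READWRITE`, so the policy that lets unprivileged users mount file systems can now be changed through two sysctl names; audit rules or configuration checks that pin only the old vfs.generic name would miss a write through the new one. The block comment should say this, for example `* Both nodes alias the same variable; a write to either one changes the mount policy.`, and it should name the "usermount" node rather than the "dovfsusermount" variable, since no variable is created here. The `vfs` and `generic` parent nodes are created here as well as in sysctl_vfs_setup in vfs_init.c, and every sysctl_createv() return value is ignored, so a failure to register the compat node would be silent; presumably duplicate creation of an identical node is tolerated, but that is worth confirming. The setup function begins outside this hunk.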
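--- a/src/sys/secmodel/bsd44/Attic/secmodel_bsd44_logic.c
+++ b/src/sys/secmodel/bsd44/Attic/secmodel_bsd44_logic.c
@@ -1,14 +1,14 @@
-/* $NetBSD: secmodel_bsd44_logic.c,v 1.4 2007/11/21 22:49:07 elad Exp $ */
+/* $NetBSD: secmodel_bsd44_logic.c,v 1.5 2009/05/03 21:25:44 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
@@ -17,36 +17,38 @@
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_logic.c,v 1.4 2007/11/21 22:49:07 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_bsd44_logic.c,v 1.5 2009/05/03 21:25:44 elad Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kauth.h>
 
 #include <sys/sysctl.h>
 
 #include <secmodel/bsd44/bsd44.h>
 #include <secmodel/bsd44/suser.h>
 #include <secmodel/securelevel/securelevel.h>
 
 int secmodel_bsd44_curtain;
+int dovfsusermount;
 
 /*
 * Initialize the traditional NetBSD security model.
 */
 void
 secmodel_bsd44_init(void)
 {
 secmodel_securelevel_init();
 secmodel_bsd44_curtain = 0;
+dovfsusermount = 0;
 }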
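Review bot: The new definition `int dovfsusermount;` is now this security model's policy flag but carries no comment, and the assignment added to secmodel_bsd44_init() is the only place its default is set. A one-line comment on the definition, such as `/* Nonzero allows unprivileged users to mount file systems; defaults to 0 (denied). */`, would record the fail-closed default next to the variable. If secmodel_bsd44_init() can run again after boot (not visible in this diff), an administrator's setting would be silently reverted to 0, which is the safe direction but worth stating in the function's comment.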
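--- a/src/sys/secmodel/bsd44/Attic/suser.h
+++ b/src/sys/secmodel/bsd44/Attic/suser.h
@@ -1,14 +1,14 @@
-/* $NetBSD: suser.h,v 1.4 2007/01/09 12:57:56 elad Exp $ */
+/* $NetBSD: suser.h,v 1.5 2009/05/03 21:25:44 elad Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
@@ -20,26 +20,27 @@
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
 #ifndef _SECMODEL_BSD44_SUSER_H_
 #define _SECMODEL_BSD44_SUSER_H_
 
 extern int secmodel_bsd44_curtain;
+extern int dovfsusermount;
 
 void secmodel_bsd44_suser_start(void);
 
 #if defined(_LKM)
 void secmodel_bsd44_suser_stop(void);
 #endif /* _LKM */
 
 int secmodel_bsd44_suser_generic_cb(kauth_cred_t, kauth_action_t, void *,
 void *, void *, void *, void *);
 int secmodel_bsd44_suser_system_cb(kauth_cred_t, kauth_action_t, void *,
 void *, void *, void *, void *);
 int secmodel_bsd44_suser_process_cb(kauth_cred_t, kauth_action_t, void *,
 void *, void *, void *, void *);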
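Review bot: The added `extern int dovfsusermount;` sits beside `secmodel_bsd44_curtain` but keeps its unprefixed legacy name, so nothing in this header tells a reader that it is a security-policy variable owned by the secmodel. If the old name has to stay for readers elsewhere in the kernel (none are visible in this diff), a short comment above the declaration such as `/* Policy flag behind the "usermount" sysctl; owned by secmodel_bsd44. */` would make the ownership clear.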