Mon Dec 5 00:13:31 2011 UTC ()
secmodel_eval(9) may want to access securelevel before it is set
to the right value, so init it first before registering secmodel(9).


(jym)
diff -r1.23 -r1.24 src/sys/secmodel/securelevel/secmodel_securelevel.c
cvs diff -r1.23 -r1.24 src/sys/secmodel/securelevel/secmodel_securelevel.c (expand / switch to unified diff)

--- src/sys/secmodel/securelevel/secmodel_securelevel.c 2011/12/04 19:25:00 1.23
+++ src/sys/secmodel/securelevel/secmodel_securelevel.c 2011/12/05 00:13:30 1.24
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: secmodel_securelevel.c,v 1.23 2011/12/04 19:25:00 jym Exp $ */ 1/* $NetBSD: secmodel_securelevel.c,v 1.24 2011/12/05 00:13:30 jym Exp $ */
2/*- 2/*-
3 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org> 3 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
4 * All rights reserved. 4 * All rights reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
8 * are met: 8 * are met:
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the 12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution. 13 * documentation and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote products 14 * 3. The name of the author may not be used to endorse or promote products
@@ -25,27 +25,27 @@ @@ -25,27 +25,27 @@
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */ 27 */
28 28
29/* 29/*
30 * This file contains kauth(9) listeners needed to implement the traditional 30 * This file contains kauth(9) listeners needed to implement the traditional
31 * NetBSD securelevel. 31 * NetBSD securelevel.
32 * 32 *
33 * The securelevel is a system-global indication on what operations are 33 * The securelevel is a system-global indication on what operations are
34 * allowed or not. It affects all users, including root. 34 * allowed or not. It affects all users, including root.
35 */ 35 */
36 36
37#include <sys/cdefs.h> 37#include <sys/cdefs.h>
38__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.23 2011/12/04 19:25:00 jym Exp $"); 38__KERNEL_RCSID(0, "$NetBSD: secmodel_securelevel.c,v 1.24 2011/12/05 00:13:30 jym Exp $");
39 39
40#ifdef _KERNEL_OPT 40#ifdef _KERNEL_OPT
41#include "opt_insecure.h" 41#include "opt_insecure.h"
42#endif /* _KERNEL_OPT */ 42#endif /* _KERNEL_OPT */
43 43
44#include <sys/types.h> 44#include <sys/types.h>
45#include <sys/param.h> 45#include <sys/param.h>
46#include <sys/kauth.h> 46#include <sys/kauth.h>
47 47
48#include <sys/conf.h> 48#include <sys/conf.h>
49#include <sys/mount.h> 49#include <sys/mount.h>
50#include <sys/sysctl.h> 50#include <sys/sysctl.h>
51#include <sys/vnode.h> 51#include <sys/vnode.h>
@@ -195,34 +195,34 @@ securelevel_eval(const char *what, void  @@ -195,34 +195,34 @@ securelevel_eval(const char *what, void
195 error = ENOENT; 195 error = ENOENT;
196 } 196 }
197 197
198 return error; 198 return error;
199} 199}
200 200
201static int 201static int
202securelevel_modcmd(modcmd_t cmd, void *arg) 202securelevel_modcmd(modcmd_t cmd, void *arg)
203{ 203{
204 int error = 0; 204 int error = 0;
205 205
206 switch (cmd) { 206 switch (cmd) {
207 case MODULE_CMD_INIT: 207 case MODULE_CMD_INIT:
 208 secmodel_securelevel_init();
208 error = secmodel_register(&securelevel_sm, 209 error = secmodel_register(&securelevel_sm,
209 SECMODEL_SECURELEVEL_ID, SECMODEL_SECURELEVEL_NAME, 210 SECMODEL_SECURELEVEL_ID, SECMODEL_SECURELEVEL_NAME,
210 NULL, securelevel_eval, NULL); 211 NULL, securelevel_eval, NULL);
211 if (error != 0) 212 if (error != 0)
212 printf("securelevel_modcmd::init: secmodel_register " 213 printf("securelevel_modcmd::init: secmodel_register "
213 "returned %d\n", error); 214 "returned %d\n", error);
214 215
215 secmodel_securelevel_init(); 
216 secmodel_securelevel_start(); 216 secmodel_securelevel_start();
217 sysctl_security_securelevel_setup(&securelevel_sysctl_log); 217 sysctl_security_securelevel_setup(&securelevel_sysctl_log);
218 break; 218 break;
219 219
220 case MODULE_CMD_FINI: 220 case MODULE_CMD_FINI:
221 sysctl_teardown(&securelevel_sysctl_log); 221 sysctl_teardown(&securelevel_sysctl_log);
222 secmodel_securelevel_stop(); 222 secmodel_securelevel_stop();
223 223
224 error = secmodel_deregister(securelevel_sm); 224 error = secmodel_deregister(securelevel_sm);
225 if (error != 0) 225 if (error != 0)
226 printf("securelevel_modcmd::fini: secmodel_deregister " 226 printf("securelevel_modcmd::fini: secmodel_deregister "
227 "returned %d\n", error); 227 "returned %d\n", error);
228 228