source-changes: Re: CVS commit: src/sys/kern

Subject: Re: CVS commit: src/sys/kern
To: Christos Zoulas <christos@astron.com>
From: Elad Efrat <elad@NetBSD.org>
List: source-changes
Date: 01/28/2007 00:00:01
This is a multi-part message in MIME format.
--------------020805070807000701020608
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Christos Zoulas wrote:
> In article <45BB5F02.90303@NetBSD.org>, Elad Efrat  <elad@NetBSD.org> wrote:
>> YAMAMOTO Takashi wrote:
>>>> Module Name:	src
>>>> Committed By:	elad
>>>> Date:		Fri Jan 26 21:57:47 UTC 2007
>>>>
>>>> Modified Files:
>>>> 	src/sys/kern: init_main.c
>>>>
>>>> Log Message:
>>>> Initialize kauth(9) sooner.
>>>>
>>>>
>>>> To generate a diff of this commit:
>>>> cvs rdiff -r1.288 -r1.289 src/sys/kern/init_main.c
>>>>
>>>> Please note that diffs are not public domain; they are subject to the
>>>> copyright notices on the relevant files.
>>> can you please add a comment?
>>> eg. "this should be done before xxx_init() because..."
>>>
>>> YAMAMOTO Takashi
>> sure. I've updated the cvs message to indicate we're doing this sooner,
>> and at least before proc0_init(), because we'll want to control process
>> creation and inheritance soon in the secmodel code, and for that we need
>> kauth(9) ready earlier.
> 
> I think that it is better if such comments live next to the code....
> 
> christos
> 

is attached diff okay?

-e.


--------------020805070807000701020608
Content-Type: text/plain;
 name="foo.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="foo.diff"

Index: init_main.c
===================================================================
RCS file: /usr/cvs/src/sys/kern/init_main.c,v
retrieving revision 1.290
diff -u -p -r1.290 init_main.c
--- init_main.c	27 Jan 2007 01:13:10 -0000	1.290
+++ init_main.c	26 Jan 2007 11:25:34 -0000
@@ -262,10 +262,15 @@ main(void)
 	/* Initialize callouts. */
 	callout_startup();
 
-	/* Initialize kauth. */
+	/*
+	 * Initialize the kernel authorization subsystem and start the
+	 * default security model, if any. We need to do this early
+	 * enough so that subsystems relying on any of the aforementioned
+	 * can work properly. Since the security model may dictate the
+	 * credential inheritance policy, it is needed at least before
+	 * any process is created, specifically proc0.
+	 */
 	kauth_init();
-
-	/* Initialize default security model. */
 	secmodel_start();
 
 	/* Initialize the buffer cache */

--------------020805070807000701020608--