source-changes: CVS commit: src/sys/secmodel

Subject: CVS commit: src/sys/secmodel
To: None <source-changes@NetBSD.org>
From: Elad Efrat <elad@netbsd.org>
List: source-changes
Date: 11/24/2007 20:47:14

Module Name:	src
Committed By:	elad
Date:		Sat Nov 24 20:47:14 UTC 2007

Modified Files:
	src/sys/secmodel/bsd44: secmodel_bsd44_suser.c
	src/sys/secmodel/securelevel: secmodel_securelevel.c

Log Message:
Fix a long time issue where the securelevel secmodel would explicitly
allow certain operations.

The suser module of the bsd44 secmodel code was made aware of the missing
operations that were explicitly allowed in the securelevel module, and
the logic in the latter was modified to a default defer, deny where not
allowed.

This concept, which is the correct way to write secmodel code, was first
brought up by pavel@ a long time ago.

okay christos@.


To generate a diff of this commit:
cvs rdiff -r1.38 -r1.39 src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
cvs rdiff -r1.1 -r1.2 src/sys/secmodel/securelevel/secmodel_securelevel.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.