Re: /sbin/reboot and secmodel

[Elad Efrat <elad%NetBSD.org@localhost>]

Christos Zoulas wrote:
> On Mar 17, 11:36pm, elad%NetBSD.org@localhost (Elad Efrat) wrote:
> -- Subject: Re: /sbin/reboot and secmodel
>
> | Christos Zoulas wrote:
> | 
> | > Kill is already special-cased on pid == 1... Perhaps we can add the
> | > kauth glue for reboot (permission check) there too?
> | 
> | How (and where) is kill special-cased on pid == 1?
>
> kern_sig.c:
>
> In killpg1() for example:
>
>                         if (p->p_pid <= 1 || p->p_flag & PK_SYSTEM || p == cp)
>                                 continue;
> ...
>                         if (p->p_pid <= 1 || p->p_flag & PK_SYSTEM)
>                                 continue;
>
> Or in issignal():
>                         /*
>                          * Don't take default actions on system processes.
>                          */
>                         if (p->p_pid <= 1) {
> #ifdef DIAGNOSTIC
>                                 /*
>                                  * Are you sure you want to ignore SIGSEGV
>                                  * in init? XXX
>                                  */

...no? :)

>                                 printf_nolog("Process (pid %d) got sig %d\n",
>                                     p->p_pid, signo);
> #endif
>                                 continue;
>                         }

(we'll have to revisit these special-cases sometime; some of them used
to compare with initproc, and some of them were moved into
secmodel_bsd44's code...

Alright -- can you elaborate on what kind of kauth glue you want to add
there?

-e.