tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Secmodel cleanup



Hi,

One of the things I noticed when working on the proposal is that if we
want to remove the need for secmodel_start() calls (and the ugly hack
in init_main.c) we need to make sure we still allow secmodels to be
loaded quite early during system startup (that is, right after
kauth(9) itself starts; see comment in init_main.c:main()).

Unfortunately it seems module_init() starts a kthread which (at least
for me) doesn't like being started that early. What I tried, and think
works is the following:

  1. Separete the kthread creation code to its own function, say
module_init2(), and make the current call to module_init() actually be
a module_init2() call
  2. Call (the remaining) module_init() right before calling kauth_init()
  3. Right after calling kauth_init(), call
module_init_class(MODULE_CLASS_SECMODEL) instead of calling
secmodel_start()
  4. Remove the secmodel_start() stuff

IIUC, and from my own tests, this should address the issue.

Does this make sense or is there something I'm missing? (perhaps a
better way to do this? :)

Thanks,

-e.


Home | Main Index | Thread Index | Old Index