tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Secmodel cleanup
Hi,
One of the things I noticed when working on the proposal is that if we
want to remove the need for secmodel_start() calls (and the ugly hack
in init_main.c) we need to make sure we still allow secmodels to be
loaded quite early during system startup (that is, right after
kauth(9) itself starts; see comment in init_main.c:main()).
Unfortunately it seems module_init() starts a kthread which (at least
for me) doesn't like being started that early. What I tried, and think
works is the following:
1. Separete the kthread creation code to its own function, say
module_init2(), and make the current call to module_init() actually be
a module_init2() call
2. Call (the remaining) module_init() right before calling kauth_init()
3. Right after calling kauth_init(), call
module_init_class(MODULE_CLASS_SECMODEL) instead of calling
secmodel_start()
4. Remove the secmodel_start() stuff
IIUC, and from my own tests, this should address the issue.
Does this make sense or is there something I'm missing? (perhaps a
better way to do this? :)
Thanks,
-e.
Home |
Main Index |
Thread Index |
Old Index