Re: Secmodel cleanup

To: Iain Hibbert <plunky%rya-online.net@localhost>
Subject: Re: Secmodel cleanup
From: Elad Efrat <elad%NetBSD.org@localhost>
Date: Thu, 1 Oct 2009 06:32:12 -0400

On Thu, Oct 1, 2009 at 4:17 AM, Iain Hibbert <plunky%rya-online.net@localhost> 
wrote:
> On Wed, 30 Sep 2009, Elad Efrat wrote:
>
>> One of the things I noticed when working on the proposal is that if we
>> want to remove the need for secmodel_start() calls (and the ugly hack
>> in init_main.c) we need to make sure we still allow secmodels to be
>> loaded quite early during system startup (that is, right after
>> kauth(9) itself starts; see comment in init_main.c:main()).
>
> Why is that required?  I mean, what happens between these calls that
> actually requires a secmodel to be present (a quick browse revealed no
> kauth requests) and would it be useful (ie non-fatal :) to deny something
> there anyway?

The idea is that we need to allow secmodels to be loaded that early if
we want to allow them to interact with credential management and
inheritance (attach their private data to credentials and such).

-e.

References:
- Secmodel cleanup
  - From: Elad Efrat
- Re: Secmodel cleanup
  - From: Elad Efrat
- Re: Secmodel cleanup
  - From: Iain Hibbert

Prev by Date: Re: Secmodel cleanup
Next by Date: Re: Exponential failure
Previous by Thread: Re: Secmodel cleanup
Next by Thread: Debugging the kernel
Indexes:

Home | Main Index | Thread Index | Old Index