tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Secmodel cleanup

On Thu, Oct 1, 2009 at 4:17 AM, Iain Hibbert <> 
> On Wed, 30 Sep 2009, Elad Efrat wrote:
>> One of the things I noticed when working on the proposal is that if we
>> want to remove the need for secmodel_start() calls (and the ugly hack
>> in init_main.c) we need to make sure we still allow secmodels to be
>> loaded quite early during system startup (that is, right after
>> kauth(9) itself starts; see comment in init_main.c:main()).
> Why is that required?  I mean, what happens between these calls that
> actually requires a secmodel to be present (a quick browse revealed no
> kauth requests) and would it be useful (ie non-fatal :) to deny something
> there anyway?

The idea is that we need to allow secmodels to be loaded that early if
we want to allow them to interact with credential management and
inheritance (attach their private data to credentials and such).


Home | Main Index | Thread Index | Old Index