tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Reduce KAUTH_GENERIC_ISSUSER usage (batch 1)



Hi,

Attached is a diff that reduces the use of KAUTH_GENERIC_ISSUSER. I
plan to commit it a week or so after the branch.

Most of it is mechanically replacing the above action with something
more meaningful, together with the necessary secmodel bits. To make
reviewing easier, below there's a list of files. If you see a file you
want to double-check on that list, see the diff. The files not on the
list are the back-end ones (kauth.h, secmodel_suser.c).

arch/amiga/dev/grf.c
arch/macppc/dev/ofb.c
arch/shark/ofw/vga_ofbus.c
arch/sparc/dev/tctrl.c
arch/sparc64/dev/gfb.c
dev/cons.c
dev/verified_exec.c
dev/dm/device-mapper.c
dev/ic/ct65550.c
dev/ic/midway.c
dev/pci/genfb_pci.c
dev/pci/machfb.c
dev/pci/pci_usrreq.c
dev/pci/pm2fb.c
dev/pci/r128fb.c
dev/pci/radeonfb.c
dev/pci/voodoofb.c
dev/pci/wcfb.c
dev/pci/voyager/voyagerfb.c
dev/tc/pxg.c
dev/wscons/wskbd.c
kern/kern_exec.c
kern/kern_fork.c
kern/sys_mqueue.c
kern/sysv_ipc.c
kern/sysv_msg.c
kern/sysv_sem.c
kern/sysv_shm.c
kern/uipc_sem.c
net/if_bridge.c
net/npf/npf.c
netinet6/in6.c
netinet6/ip6_output.c
netipsec/ipsec.c
sys/ipc.h

(Notice that I took care not to touch any file-system code. I know
people are actively working in this area and I will coordinate changes
with them to minimize interference.)

The purpose of the transition is to finish the secmodel implementation
and have a descriptive authorization KPI. Once that's in place, we can
adapt to a more type-safe interface if we want to because we will know
what context is needed for each action/request etc. So the focus for
the review is "is this the right action/request/context for this part
of the code?" If you find changes where the answer is "no," please
come up with a(n) solution/alternative.

Thanks,

Elad

Attachment: batch1.diff
Description: Binary data



Home | Main Index | Thread Index | Old Index