Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src First part of secmodel cleanup and other misc. changes:
details: https://anonhg.NetBSD.org/src/rev/e7301707b264
branches: trunk
changeset: 747804:e7301707b264
user: elad <elad%NetBSD.org@localhost>
date: Fri Oct 02 18:50:12 2009 +0000
description:
First part of secmodel cleanup and other misc. changes:
- Separate the suser part of the bsd44 secmodel into its own secmodel
and directory, pending even more cleanups. For revision history
purposes, the original location of the files was
src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
src/sys/secmodel/bsd44/suser.h
- Add a man-page for secmodel_suser(9) and update the one for
secmodel_bsd44(9).
- Add a "secmodel" module class and use it. Userland program and
documentation updated.
- Manage secmodel count (nsecmodels) through the module framework.
This eliminates the need for secmodel_{,de}register() calls in
secmodel code.
- Prepare for secmodel modularization by adding relevant module bits.
The secmodels don't allow auto unload. The bsd44 secmodel depends
on the suser and securelevel secmodels. The overlay secmodel depends
on the bsd44 secmodel. As the module class is only cosmetic, and to
prevent ambiguity, the bsd44 and overlay secmodels are prefixed with
"secmodel_".
- Adapt the overlay secmodel to recent changes (mainly vnode scope).
- Stop using link-sets for the sysctl node(s) creation.
- Keep sysctl variables under nodes of their relevant secmodels. In
other words, don't create duplicates for the suser/securelevel
secmodels under the bsd44 secmodel, as the latter is merely used
for "grouping".
- For the suser and securelevel secmodels, "advertise presence" in
relevant sysctl nodes (sysctl.security.models.{suser,securelevel}).
- Get rid of the LKM preprocessor stuff.
- As secmodels are now modules, there's no need for an explicit call
to secmodel_start(); it's handled by the module framework. That
said, the module framework was adjusted to properly load secmodels
early during system startup.
- Adapt rump to changes: Instead of using empty stubs for securelevel,
simply use the suser secmodel. Also replace secmodel_start() with a
call to secmodel_suser_start().
- 5.99.20.
Testing was done on i386 ("release" build). Spearated module_init()
changes were tested on sparc and sparc64 as well by martin@ (thanks!).
Mailing list reference:
http://mail-index.netbsd.org/tech-kern/2009/09/25/msg006135.html
diffstat:
distrib/sets/lists/comp/mi | 5 +-
distrib/sets/lists/modules/mi | 10 +-
sbin/modstat/main.c | 5 +-
sbin/modstat/modstat.8 | 6 +-
share/man/man9/Makefile | 4 +-
share/man/man9/secmodel_bsd44.9 | 26 +-
share/man/man9/secmodel_suser.9 | 49 +
sys/kern/init_main.c | 23 +-
sys/kern/kern_module.c | 22 +-
sys/modules/Makefile | 6 +-
sys/modules/secmodel_bsd44/Makefile | 10 +
sys/modules/secmodel_overlay/Makefile | 10 +
sys/modules/securelevel/Makefile | 10 +
sys/modules/suser/Makefile | 10 +
sys/rump/librump/rumpkern/Makefile.rumpkern | 6 +-
sys/rump/librump/rumpkern/misc_stub.c | 27 +-
sys/rump/librump/rumpkern/rump.c | 8 +-
sys/rump/librump/rumpvfs/rump_vfs.c | 7 +-
sys/secmodel/bsd44/bsd44.h | 8 +-
sys/secmodel/bsd44/files.bsd44 | 6 +-
sys/secmodel/bsd44/secmodel_bsd44.c | 122 +-
sys/secmodel/bsd44/secmodel_bsd44_logic.c | 54 -
sys/secmodel/bsd44/secmodel_bsd44_suser.c | 1190 --------------------
sys/secmodel/bsd44/suser.h | 56 -
sys/secmodel/files.secmodel | 7 +-
sys/secmodel/overlay/overlay.h | 7 +-
sys/secmodel/overlay/secmodel_overlay.c | 142 +-
sys/secmodel/securelevel/secmodel_securelevel.c | 90 +-
sys/secmodel/securelevel/securelevel.h | 8 +-
sys/secmodel/suser/files.suser | 5 +
sys/secmodel/suser/secmodel_suser.c | 1313 +++++++++++++++++++++++
sys/secmodel/suser/suser.h | 53 +
sys/sys/module.h | 6 +-
sys/sys/param.h | 4 +-
34 files changed, 1778 insertions(+), 1537 deletions(-)
diffs (truncated from 4018 to 300 lines):
diff -r e059393b8d90 -r e7301707b264 distrib/sets/lists/comp/mi
--- a/distrib/sets/lists/comp/mi Fri Oct 02 18:50:03 2009 +0000
+++ b/distrib/sets/lists/comp/mi Fri Oct 02 18:50:12 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.1315 2009/10/02 02:45:29 tsarna Exp $
+# $NetBSD: mi,v 1.1316 2009/10/02 18:50:14 elad Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -9067,6 +9067,7 @@
./usr/share/man/cat9/secmodel_bsd44.0 comp-sys-catman .cat
./usr/share/man/cat9/secmodel_overlay.0 comp-sys-catman .cat
./usr/share/man/cat9/secmodel_securelevel.0 comp-sys-catman .cat
+./usr/share/man/cat9/secmodel_suser.0 comp-sys-catman .cat
./usr/share/man/cat9/seldestroy.0 comp-sys-catman .cat
./usr/share/man/cat9/select.0 comp-sys-catman .cat
./usr/share/man/cat9/selinit.0 comp-sys-catman .cat
@@ -14446,6 +14447,7 @@
./usr/share/man/html9/secmodel_bsd44.html comp-sys-htmlman html
./usr/share/man/html9/secmodel_overlay.html comp-sys-htmlman html
./usr/share/man/html9/secmodel_securelevel.html comp-sys-htmlman html
+./usr/share/man/html9/secmodel_suser.html comp-sys-htmlman html
./usr/share/man/html9/seldestroy.html comp-sys-htmlman html
./usr/share/man/html9/select.html comp-sys-htmlman html
./usr/share/man/html9/selinit.html comp-sys-htmlman html
@@ -20022,6 +20024,7 @@
./usr/share/man/man9/secmodel_bsd44.9 comp-sys-man .man
./usr/share/man/man9/secmodel_overlay.9 comp-sys-man .man
./usr/share/man/man9/secmodel_securelevel.9 comp-sys-man .man
+./usr/share/man/man9/secmodel_suser.9 comp-sys-man .man
./usr/share/man/man9/seldestroy.9 comp-sys-man .man
./usr/share/man/man9/select.9 comp-sys-man .man
./usr/share/man/man9/selinit.9 comp-sys-man .man
diff -r e059393b8d90 -r e7301707b264 distrib/sets/lists/modules/mi
--- a/distrib/sets/lists/modules/mi Fri Oct 02 18:50:03 2009 +0000
+++ b/distrib/sets/lists/modules/mi Fri Oct 02 18:50:12 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.2 2009/09/11 22:32:50 mrg Exp $
+# $NetBSD: mi,v 1.3 2009/10/02 18:50:15 elad Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -88,8 +88,16 @@
./@MODULEDIR@/puffs/puffs.kmod base-kernel-modules kmod
./@MODULEDIR@/putter base-kernel-modules kmod
./@MODULEDIR@/putter/putter.kmod base-kernel-modules kmod
+./@MODULEDIR@/secmodel_bsd44 base-kernel-modules kmod
+./@MODULEDIR@/secmodel_bsd44/secmodel_bsd44.kmod base-kernel-modules kmod
+./@MODULEDIR@/secmodel_overlay base-kernel-modules kmod
+./@MODULEDIR@/secmodel_overlay/secmodel_overlay.kmod base-kernel-modules kmod
+./@MODULEDIR@/securelevel base-kernel-modules kmod
+./@MODULEDIR@/securelevel/securelevel.kmod base-kernel-modules kmod
./@MODULEDIR@/smbfs base-kernel-modules kmod
./@MODULEDIR@/smbfs/smbfs.kmod base-kernel-modules kmod
+./@MODULEDIR@/suser base-kernel-modules kmod
+./@MODULEDIR@/suser/suser.kmod base-kernel-modules kmod
./@MODULEDIR@/sysvbfs base-kernel-modules kmod
./@MODULEDIR@/sysvbfs/sysvbfs.kmod base-kernel-modules kmod
./@MODULEDIR@/tmpfs base-kernel-modules kmod
diff -r e059393b8d90 -r e7301707b264 sbin/modstat/main.c
--- a/sbin/modstat/main.c Fri Oct 02 18:50:03 2009 +0000
+++ b/sbin/modstat/main.c Fri Oct 02 18:50:12 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: main.c,v 1.6 2008/11/16 11:30:55 ad Exp $ */
+/* $NetBSD: main.c,v 1.7 2009/10/02 18:50:14 elad Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -28,7 +28,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__RCSID("$NetBSD: main.c,v 1.6 2008/11/16 11:30:55 ad Exp $");
+__RCSID("$NetBSD: main.c,v 1.7 2009/10/02 18:50:14 elad Exp $");
#endif /* !lint */
#include <sys/module.h>
@@ -49,6 +49,7 @@
"vfs",
"driver",
"exec",
+ "secmodel",
};
static const char *sources[] = {
diff -r e059393b8d90 -r e7301707b264 sbin/modstat/modstat.8
--- a/sbin/modstat/modstat.8 Fri Oct 02 18:50:03 2009 +0000
+++ b/sbin/modstat/modstat.8 Fri Oct 02 18:50:12 2009 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: modstat.8,v 1.3 2008/11/17 02:22:49 uwe Exp $
+.\" $NetBSD: modstat.8,v 1.4 2009/10/02 18:50:14 elad Exp $
.\"
.\" Copyright (c) 1993 Christopher G. Demetriou
.\" All rights reserved.
@@ -32,7 +32,7 @@
.\"
.\" <<Id: LICENSE,v 1.2 2000/06/14 15:57:33 cgd Exp>>
.\"
-.Dd November 12, 2008
+.Dd September 29, 2009
.Dt MODSTAT 8
.Os
.Sh NAME
@@ -61,7 +61,7 @@
.Bl -tag -width Loadaddr
.It Li CLASS
Module class, such as
-"vfs", "driver", "exec" or "misc".
+"vfs", "driver", "exec", "misc" or "secmodel".
.It Li SOURCE
Where the module was loaded from.
.Qq Dv builtin
diff -r e059393b8d90 -r e7301707b264 share/man/man9/Makefile
--- a/share/man/man9/Makefile Fri Oct 02 18:50:03 2009 +0000
+++ b/share/man/man9/Makefile Fri Oct 02 18:50:12 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.292 2009/09/16 22:52:40 dyoung Exp $
+# $NetBSD: Makefile,v 1.293 2009/10/02 18:50:13 elad Exp $
# Makefile for section 9 (kernel function and variable) manual pages.
@@ -45,7 +45,7 @@
rt_timer.9 rwlock.9 RUN_ONCE.9 \
sched_4bsd.9 scsipi.9 \
secmodel.9 secmodel_bsd44.9 secmodel_overlay.9 secmodel_securelevel.9 \
- setjmp.9 shutdownhook_establish.9 \
+ secmodel_suser.9 setjmp.9 shutdownhook_establish.9 \
signal.9 sockopt.9 softintr.9 spl.9 splraiseipl.9 \
store.9 suspendsched.9 \
sysctl.9 sysmon_envsys.9 tc.9 tcp_congctl.9 timecounter.9 \
diff -r e059393b8d90 -r e7301707b264 share/man/man9/secmodel_bsd44.9
--- a/share/man/man9/secmodel_bsd44.9 Fri Oct 02 18:50:03 2009 +0000
+++ b/share/man/man9/secmodel_bsd44.9 Fri Oct 02 18:50:12 2009 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: secmodel_bsd44.9,v 1.11 2007/11/21 22:49:06 elad Exp $
+.\" $NetBSD: secmodel_bsd44.9,v 1.12 2009/10/02 18:50:13 elad Exp $
.\"
.\" Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
.\" All rights reserved.
@@ -25,7 +25,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd November 21, 2007
+.Dd September 29, 2009
.Dt SECMODEL_BSD44 9
.Os
.Sh NAME
@@ -40,24 +40,14 @@
.Nx .
It is the traditional security model based on
.Bx 4.4
-and is composed of two main concepts, the
-.Em super-user
-and the
-.Em securelevel .
-.Ss Super-user
-The
-.Em super-user
-is the host administrator, considered to have higher privileges than other
-users.
-It is the only entity the kernel recognizes by having an effective user-id
-of zero.
-.Ss Securelevel
-Please refer to
-.Xr secmodel_securelevel 9
-for details.
+and is composed of two separate security models,
+.Xr secmodel_suser 9
+and
+.Xr secmodel_securelevel 9 .
.Sh SEE ALSO
.Xr kauth 9 ,
.Xr secmodel 9 ,
-.Xr secmodel_securelevel 9
+.Xr secmodel_securelevel 9 ,
+.Xr secmodel_suser 9
.Sh AUTHORS
.An Elad Efrat Aq elad%NetBSD.org@localhost
diff -r e059393b8d90 -r e7301707b264 share/man/man9/secmodel_suser.9
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/share/man/man9/secmodel_suser.9 Fri Oct 02 18:50:12 2009 +0000
@@ -0,0 +1,49 @@
+.\" $NetBSD: secmodel_suser.9,v 1.1 2009/10/02 18:50:13 elad Exp $
+.\"
+.\" Copyright (c) 2009 Elad Efrat <elad%NetBSD.org@localhost>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\" derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd September 29, 2009
+.Dt SECMODEL_SUSER 9
+.Os
+.Sh NAME
+.Nm secmodel_suser
+.Nd super-user security model
+.Sh DESCRIPTION
+.Nm
+implements the traditional
+.Em super-user
+(root) as the user with effective user-id
+0.
+The
+.Em super-user
+is the host administrator, considered to have higher privileges than other
+users.
+.Sh SEE ALSO
+.Xr kauth 9 ,
+.Xr secmodel 9 ,
+.Xr secmodel_bsd44 9
+.Sh AUTHORS
+.An Elad Efrat Aq elad%NetBSD.org@localhost
diff -r e059393b8d90 -r e7301707b264 sys/kern/init_main.c
--- a/sys/kern/init_main.c Fri Oct 02 18:50:03 2009 +0000
+++ b/sys/kern/init_main.c Fri Oct 02 18:50:12 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: init_main.c,v 1.402 2009/09/29 22:40:15 dyoung Exp $ */
+/* $NetBSD: init_main.c,v 1.403 2009/10/02 18:50:14 elad Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.402 2009/09/29 22:40:15 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.403 2009/10/02 18:50:14 elad Exp $");
#include "opt_ddb.h"
#include "opt_ipsec.h"
@@ -231,8 +231,6 @@
#include <net/if.h>
#include <net/raw_cb.h>
-#include <secmodel/secmodel.h>
-
#include <prop/proplib.h>
#ifdef COMPAT_50
@@ -270,14 +268,6 @@
static void configure2(void);
void main(void);
-void __secmodel_none(void);
-__weak_alias(secmodel_start,__secmodel_none);
-void
-__secmodel_none(void)
-{
- return;
-}
-
/*
* System startup; initialize the world, create process 0, mount root
* filesystem, and fork to create init and pagedaemon. Most of the
@@ -343,6 +333,9 @@
/* Initialize callouts, part 1. */
callout_startup();
+ /* Start module system. */
+ module_init();
+
/*
* Initialize the kernel authorization subsystem and start the
* default security model, if any. We need to do this early
@@ -352,7 +345,7 @@
* any process is created, specifically proc0.
*/
kauth_init();
- secmodel_start();
+ module_init_class(MODULE_CLASS_SECMODEL);
/* Initialize the buffer cache */
bufinit();
@@ -423,8 +416,8 @@
/* Initialize the log device. */
loginit();
- /* Start module system. */
- module_init();
+ /* Second part of module system initialization. */
Home |
Main Index |
Thread Index |
Old Index