Re: /sbin/reboot and secmodel

["Terry Moore" <tmm%mcci.com@localhost>]

Daniel Carosone wrote:
> On Tue, Mar 18, 2008 at 05:57:38PM -0400, Terry Moore wrote:
>> In any event, I might have misunderstood, but I don't see how one can
>> add
>> additional behavior to init(8) [pulling in the functionality of
>> reboot(8),
>> in this example] without something like:
>>
>> a) having the person making the extension change source code in init(8),
>
> This is what I mean.  We're not talking about much; reboot/shutdown
> just runs rc.shutdown, kills some processes, and/or calls reboot(2).
> We either move that code to init, or have init call the existing
> reboot(8) on receipt of the signal, making reboot called as a user
> into a signal-sending wrapper (the latter is your very basic
> sysv-style init).
>
> The extensibility is in the rc mechanism, just as now.

Different kind of extensibility.  It was suggested that "everything
similar" to reboot(8) be encapsulated by pulling it to init(8).  That
defeats extensibility of the kind I'm talking about. Rc doesn't do it.

> I'm not suggesting every admin does this themselves, though, which is
> maybe what you're worried about?  This would be a change in -current,
> if it goes ahead.

I'm worried about what an admin has to do in order to do interesting
things that *aren't yet* in base tools like reboot(8).  If you follow the
"encapsulate the interesting work in init(8)" pattern, then anything new
would have to be edited into the source code of init(8).

I sense, however, that we're talking past each other.

--Terry