Re: Secmodel cleanup

To: tech-kern%netbsd.org@localhost
Subject: Re: Secmodel cleanup
From: Elad Efrat <elad%NetBSD.org@localhost>
Date: Wed, 30 Sep 2009 19:48:05 -0400

Hi,

One of the things I noticed when working on the proposal is that if we
want to remove the need for secmodel_start() calls (and the ugly hack
in init_main.c) we need to make sure we still allow secmodels to be
loaded quite early during system startup (that is, right after
kauth(9) itself starts; see comment in init_main.c:main()).

Unfortunately it seems module_init() starts a kthread which (at least
for me) doesn't like being started that early. What I tried, and think
works is the following:

  1. Separete the kthread creation code to its own function, say
module_init2(), and make the current call to module_init() actually be
a module_init2() call
  2. Call (the remaining) module_init() right before calling kauth_init()
  3. Right after calling kauth_init(), call
module_init_class(MODULE_CLASS_SECMODEL) instead of calling
secmodel_start()
  4. Remove the secmodel_start() stuff

IIUC, and from my own tests, this should address the issue.

Does this make sense or is there something I'm missing? (perhaps a
better way to do this? :)

Thanks,

-e.

Follow-Ups:
- Re: Secmodel cleanup
  - From: Iain Hibbert

References:
- Secmodel cleanup
  - From: Elad Efrat

Prev by Date: Re: understanding LOCKDEBUG
Next by Date: Re: Porting USB device driver from Linux
Previous by Thread: Secmodel cleanup
Next by Thread: Re: Secmodel cleanup
Indexes:

Home | Main Index | Thread Index | Old Index