Re: Secmodel cleanup

To: Elad Efrat <elad%NetBSD.org@localhost>
Subject: Re: Secmodel cleanup
From: Iain Hibbert <plunky%rya-online.net@localhost>
Date: Thu, 1 Oct 2009 09:17:28 +0100 (BST)

On Wed, 30 Sep 2009, Elad Efrat wrote:

> One of the things I noticed when working on the proposal is that if we
> want to remove the need for secmodel_start() calls (and the ugly hack
> in init_main.c) we need to make sure we still allow secmodels to be
> loaded quite early during system startup (that is, right after
> kauth(9) itself starts; see comment in init_main.c:main()).

Why is that required?  I mean, what happens between these calls that
actually requires a secmodel to be present (a quick browse revealed no
kauth requests) and would it be useful (ie non-fatal :) to deny something
there anyway?

iain

Follow-Ups:
- Re: Secmodel cleanup
  - From: Elad Efrat

References:
- Secmodel cleanup
  - From: Elad Efrat
- Re: Secmodel cleanup
  - From: Elad Efrat

Prev by Date: Re: locking patches for ufs_rename
Next by Date: Re: Secmodel cleanup
Previous by Thread: Re: Secmodel cleanup
Next by Thread: Re: Secmodel cleanup
Indexes:

Home | Main Index | Thread Index | Old Index