secmodel order of initialization

To: tech-security%netbsd.org@localhost, tech-kern%netbsd.org@localhost
Subject: secmodel order of initialization
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Thu, 8 Apr 2010 12:34:42 -0400

I'm trying to make secmodel_overlay work in my netbsd-5 tree.  It appears
to have never been adapted when secmodel_securelevel was split out of
secmodel_bsd44.

I cannot understand how secmodel_bsd44 arranges that secmodel_securelevel
will not see requests unless secmodel_bsd44 arranges to pass them to it.

Similarly, I cannot understand how secmodel_overlay arranges that
secmodel_bsd44 will not see requests unless secmodel_overlay arranges to
pass them to it -- but it must, since if secmodel_bsd44 saw these requests
"raw" the overlay secmodel couldn't intercept them and return different
results.

It seems this probably has to do with the order of initialization of the
security modules.  But I don't see how that's controlled.

So, I can't see how to ensure secmodel_securelevel is compiled in (so
that secmodel_bsd44, which is used by secmodel_overlay, can use it)
without causing it to see "raw" requests overlay did not intend to
dispatch to it.

Can someone help me understand these things?

Thanks!

Follow-Ups:
- Re: secmodel order of initialization
  - From: Elad Efrat

Prev by Date: Re: lower-case kernel option names
Next by Date: Re: SoC project suggestion
Previous by Thread: lower-case kernel option names
Next by Thread: Re: secmodel order of initialization
Indexes:

Home | Main Index | Thread Index | Old Index