Date: Wed, 1 May 2002 21:38:50 -0700 (PDT)
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 10647 for review
Message-ID: <200205020438.g424cor78103@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10647 Change 10647 by rwatson@rwatson_tislabs on 2002/05/01 21:38:24 Introduce a new startup ordering constant: SI_SUB_MAC_LATE. This allows the MAC subsystem to keep a 'mac_late' variable -- it is 0 initially, and set to 1 during SI_SUB_MAC_LATE after all policies have evaluated. This variable will allow modules to determine if they are being loaded "late" -- i.e., following the initialization of the MAC system and all modules linked into the kernel or loaded early. That way they can reject loading in the event that they need to be initialized before any objects are instantiated. This Affected files ... ... //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#134 edit ... //depot/projects/trustedbsd/mac/sys/sys/kernel.h#10 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#134 (text+ko) ==== @@ -98,6 +98,8 @@ void *labels[MAC_MAX_POLICIES]; }; +int mac_late = 0; + static int mac_enforce_fs = 1; SYSCTL_INT(_security_mac, OID_AUTO, enforce_fs, CTLFLAG_RW, &mac_enforce_fs, 0, "Enforce MAC policy on file system objects"); @@ -223,6 +225,18 @@ } /* + * For the purposes of modules that want to know if they were loaded + * "early", set the mac_late flag once we've processed modules either + * linked into the kernel, or loaded before the kernel startup. + */ +static void +mac_late_init(void) +{ + + mac_late = 1; +} + +/* * Allow MAC policy modules to register during boot, etc. */ int @@ -1812,6 +1826,7 @@ } SYSINIT(mac, SI_SUB_MAC, SI_ORDER_FIRST, mac_init, NULL); +SYSINIT(mac_late, SI_SUB_MAC_LATE, SI_ORDER_FIRST, mac_late_init, NULL); #else /* !MAC */ ==== //depot/projects/trustedbsd/mac/sys/sys/kernel.h#10 (text+ko) ==== 
@@ -121,6 +121,7 @@ SI_SUB_CPU = 0x2100000, /* CPU resource(s)*/ SI_SUB_MAC = 0x2180000, /* TrustedBSD MAC subsystem */ SI_SUB_MAC_POLICY = 0x21C0000, /* TrustedBSD MAC policies */ + SI_SUB_MAC_LATE = 0x21D0000, /* TrustedBSD MAC subsystem */ SI_SUB_INTRINSIC = 0x2200000, /* proc 0*/ SI_SUB_VM_CONF = 0x2300000, /* config VM, set limits*/ SI_SUB_RUN_QUEUE = 0x2400000, /* set up run queue*/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
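Review bot: The new global in the first kern_mac.c hunk (`int mac_late = 0;`) is exported without a comment, and neither of the two files touched here gains an `extern int mac_late;` declaration, so a policy module has nothing to include in order to read it. Suggest declaring it in the MAC header that policy modules already include, and adding a one-line comment at the definition saying it is written once by mac_late_init() and is read-only everywhere else.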
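Review bot: In the second kern_mac.c hunk, mac_late_init() sets the flag but nothing in this change reads it, and the registration function directly below it ("Allow MAC policy modules to register during boot, etc.") is left unchanged. Rejecting a late load therefore depends on every policy remembering to test mac_late itself. Suggest either stating that contract in the new block comment, or having the registration path refuse policies that declare they must be loaded early when mac_late is 1, so that a policy which omits the check cannot attach after objects have already been instantiated without its labels.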
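Review bot: In the kernel.h hunk, the comment on SI_SUB_MAC_LATE is identical to the one on SI_SUB_MAC ("TrustedBSD MAC subsystem"), which hides why a third MAC stage exists and why it must sort after SI_SUB_MAC_POLICY. Suggest a distinguishing comment such as "TrustedBSD MAC: policies loaded after this point are late" so the ordering requirement is visible to anyone who later inserts or renumbers entries between 0x21C0000 and 0x2200000.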