diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2002-04-19 13:35:53 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2002-04-19 13:35:53 +0000 |
commit | 5a06cb0ca6c81e12b40bab57a071f2f7321ec30e (patch) | |
tree | 25e3bd3e29d95f141b84d5272a6928cce51c5a10 /sys/kern | |
parent | 33c4ab81da1e62dadf8707606de24196e430ad48 (diff) | |
download | src-5a06cb0ca6c81e12b40bab57a071f2f7321ec30e.tar.gz src-5a06cb0ca6c81e12b40bab57a071f2f7321ec30e.zip |
Divorce proc0 and proc1 credentials earlier; while this isn't technically
needed in the current code, in the MAC tree, create_init() relies on the
ability to modify the credentials present for initproc, and should not
perform that modification on a shared credential. Pro-active diff
reduction against MAC changes that are in the queue; also facilitates
other work, including the capabilities implementation.
Submitted by: green
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Notes
Notes:
svn path=/head/; revision=95050
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/init_main.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/kern/init_main.c b/sys/kern/init_main.c index 6904392cf5d2..6e9793dd9ca7 100644 --- a/sys/kern/init_main.c +++ b/sys/kern/init_main.c @@ -629,14 +629,21 @@ start_init(void *dummy) static void create_init(const void *udata __unused) { + struct ucred *newcred, *oldcred; int error; error = fork1(&thread0, RFFDG | RFPROC | RFSTOPPED, &initproc); if (error) panic("cannot fork init: %d\n", error); + /* divorce init's credentials from the kernel's */ + newcred = crget(); PROC_LOCK(initproc); initproc->p_flag |= P_SYSTEM; + oldcred = initproc->p_ucred; + crcopy(newcred, oldcred); + initproc->p_ucred = newcred; PROC_UNLOCK(initproc); + crfree(oldcred); mtx_lock_spin(&sched_lock); initproc->p_sflag |= PS_INMEM; mtx_unlock_spin(&sched_lock); |