mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-22 09:43:47 +00:00
Divorce proc0 and proc1 credentials earlier; while this isn't technically
needed in the current code, in the MAC tree, create_init() relies on the ability to modify the credentials present for initproc, and should not perform that modification on a shared credential. Pro-active diff reduction against MAC changes that are in the queue; also facilitates other work, including the capabilities implementation. Submitted by: green Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
This commit is contained in:
parent
33c4ab81da
commit
5a06cb0ca6
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=95050
|
@ -629,14 +629,21 @@ start_init(void *dummy)
|
|||
static void
|
||||
create_init(const void *udata __unused)
|
||||
{
|
||||
struct ucred *newcred, *oldcred;
|
||||
int error;
|
||||
|
||||
error = fork1(&thread0, RFFDG | RFPROC | RFSTOPPED, &initproc);
|
||||
if (error)
|
||||
panic("cannot fork init: %d\n", error);
|
||||
/* divorce init's credentials from the kernel's */
|
||||
newcred = crget();
|
||||
PROC_LOCK(initproc);
|
||||
initproc->p_flag |= P_SYSTEM;
|
||||
oldcred = initproc->p_ucred;
|
||||
crcopy(newcred, oldcred);
|
||||
initproc->p_ucred = newcred;
|
||||
PROC_UNLOCK(initproc);
|
||||
crfree(oldcred);
|
||||
mtx_lock_spin(&sched_lock);
|
||||
initproc->p_sflag |= PS_INMEM;
|
||||
mtx_unlock_spin(&sched_lock);
|
||||
|
|
Loading…
Reference in a new issue