From: Bruce Evans
Date: Mon, 26 Jan 2009 05:28:29 +1100 (EST)
To: Ed Schouten
Cc: svn-src-head@freebsd.org, Tom Rhodes, svn-src-all@freebsd.org, src-committers@freebsd.org, Bruce Evans
Subject: Re: svn commit: r187607 - head/usr.bin/truss

On Sun, 25 Jan 2009, Ed Schouten wrote:

> * Bruce Evans wrote:
>> I think it is the longstanding kernel bug in permissions checking
>> generally, that the init process and some other non-kernel processes
>> are bogusly marked as P_SYSTEM.  I use the following fix (this may
>> be incomplete):
>>
>>
>
> I just looked at the patch and it seems to do the right thing. I can't
> seem to find any places in the kernel where it makes sense to let
> init(8) use P_SYSTEM (except kern_sig.c of course). I like the cleanups
> you made, especially the comparisons with initproc instead of using the
> pid.
>
> Would you mind if I commit your patch to SVN?

OK, but please think about the following possible problems:
- permissions should be decided in the usual way for init (root should not
  be restricted except for impossible things), but maybe something (jail?)
  depends on extra restrictions.
- P_SYSTEM has something to do with swapping, and I also removed the
  PS_INMEM setting for init.  I have always used NO_SWAPPING and haven't
  used a swap partition since memory sizes reached 64MB, so I wouldn't
  have noticed problems with this.  init doesn't run often so it is
  quite likely to be swapped (if allowed to) if real memory runs out.

Bruce