Divorce proc0 and proc1 credentials earlier; while this isn't technically

needed in the current code, in the MAC tree, create_init() relies on the
ability to modify the credentials present for initproc, and should not
perform that modification on a shared credential.  Pro-active diff
reduction against MAC changes that are in the queue; also facilitates
other work, including the capabilities implementation.

Submitted by:	green
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

1 files changed, 7 insertions, 0 deletions

diff --git a/sys/kern/init_main.c b/sys/kern/init_main.c
index 6904392..6e9793d 100644
--- a/sys/kern/init_main.c
+++ b/sys/kern/init_main.c
@@ -629,14 +629,21 @@ start_init(void *dummy)
 static void
 create_init(const void *udata __unused)
 {
+	struct ucred *newcred, *oldcred;
 	int error;
 
 	error = fork1(&thread0, RFFDG | RFPROC | RFSTOPPED, &initproc);
 	if (error)
 		panic("cannot fork init: %d\n", error);
+	/* divorce init's credentials from the kernel's */
+	newcred = crget();
 	PROC_LOCK(initproc);
 	initproc->p_flag |= P_SYSTEM;
+	oldcred = initproc->p_ucred;
+	crcopy(newcred, oldcred);
+	initproc->p_ucred = newcred;
 	PROC_UNLOCK(initproc);
+	crfree(oldcred);
 	mtx_lock_spin(&sched_lock);
 	initproc->p_sflag |= PS_INMEM;
 	mtx_unlock_spin(&sched_lock);