I'm trying to make secmodel_overlay work in my netbsd-5 tree. It appears to have never been adapted when secmodel_securelevel was split out of secmodel_bsd44.
I cannot understand how secmodel_bsd44 arranges that secmodel_securelevel will not see requests unless secmodel_bsd44 arranges to pass them to it. Similarly, I cannot understand how secmodel_overlay arranges that secmodel_bsd44 will not see requests unless secmodel_overlay arranges to pass them to it -- but it must, since if secmodel_bsd44 saw these requests "raw" the overlay secmodel couldn't intercept them and return different results. It seems this probably has to do with the order of initialization of the security modules. But I don't see how that's controlled. So, I can't see how to ensure secmodel_securelevel is compiled in (so that secmodel_bsd44, which is used by secmodel_overlay, can use it) without causing it to see "raw" requests overlay did not intend to dispatch to it. Can someone help me understand these things? Thanks!
