|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Integrating securelevel and kauth(9)
From: YAMAMOTO Takashi (yamt
mwd.biglobe.ne.jp)
Date: Sat Mar 25 2006 - 10:42:34 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
hi,
> These requests will be implemented as a new kauth(9) scope, called the
> "system" scope.
the fact that "access raw memory" and "change firewall rule" are
controlled by securelevel is not a good reason to put them into
a single scope, IMO.
it's better to write listeners to check "securelevel" variable
for appropriate scopes, rather than having a single scope gathering
these random operations.
ie. i think securelevel should be turned into listener(s), not a scope.
btw, it seems that you are proposing two different things in this mail.
- adapt securelevel to kauth world
- make securelevel a bitmap
i'm not sure if the latter is a good idea.
why bother to complicate securelevel, while you can just have
another listener to implement finer-grained access control?
YAMAMOTO Takashi
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]