|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Dividing securelevel implications to kauth(9) scopes
From: Elad Efrat (elad
NetBSD.org)
Date: Wed May 17 2006 - 13:32:15 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
YAMAMOTO Takashi wrote:
> i don't think it's so obvious.
>
> to define a kauth action, we need to figure out
> why sticopen should be prohibited.
> otherwise, we end up to have KAUTH_DRIVER_STICOPEN,
> which is a poor choice, IMO.
See below:
> besides, it can be done by listening more generic actions like "open".
> in that case, you want to pass vnode pointer or dev_t, so that listener
> can check if it's a "dangerous" device.
That's the idea. The list is just where we *currently* check for
the securelevel.
-e.
--
Elad Efrat
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]