YAMAMOTO Takashi wrote:
>>> what's the semantics of it?  "can access any disks"?
>> Well, I was thinking the semantics should be the "worse case" because we
>> don't really know anything more than that raw disk access was required
>> and the access modes -- we can't tell if it's mounted or not, etc.
> 
> i agree.
> and it's why i don't think it's a good idea.
> it's better to require caller to specify a device.

The thing is, a device/vnode may not always be available from the
calling context, especially if the direct disk/memory access is indirect
and may happen later. When I added that generic policy, what I had in
mind are some drivers that allow that sort of access, but don't have
any specific disk associated with the call itself.

Try 'grep -r securelevel src/sys/dev/'...

-e.

-- 
Elad Efrat