Subject: Re: Xen3 update
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: port-xen
Date: 03/07/2006 21:08:41
On Tue, Mar 07, 2006 at 03:00:49PM -0500, Thor Lancelot Simon wrote:
> On Tue, Mar 07, 2006 at 08:24:32PM +0100, Manuel Bouyer wrote:
> > 
> > INSECURE doesn't affect only the ability to run an X server. I think 
> > a default Xen system behavior should be as close as possible to a plain
> > i386 one.
> 
> I strongly disagree.  The *only* reason INSECURE is in the GENERIC i386
> kernel configuration is because it is required to run XFree.  Other ports'
> GENERICs do not include it.  i386 is an exception from the default NetBSD
> security model; XENU doesn't have to be, and I don't think it should be.

i386 is an exception and XENU is part of i386. I don't think it should
be different from other i386 installations for this.

> 
> Any code that doesn't work on a kernel without INSECURE won't work on
> most people's i386 servers.  There is not much code like that out there,
> and what there is almost all uses memory or i/o access to whack devices
> directly, which you can't do with a XENU kernel anyway.

securelevel=1 also prevents access to block devices in some conditions,
and XENU has block devices. It also prevents some filesystem operations,
and a few other things that will affect a XENU user the same way a GENERIC
user is affected.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--