Re: CVS commit: src/sys/uvm

[Matthias Drochner <M.Drochner%fz-juelich.de@localhost>]

elad%NetBSD.org@localhost said:
> > (cannot be cleared at securelevel>0)
> I was wondering how you achieved that without modifying any of the
> secmodel code itself

Well, that's the problem with kauth: If it needs code changes
for each simple check added in other parts of the kernel, it
twarts modularity and extensibility.
There is some abstaction missing.

> Who's going to take care of that XXX referring to the use of an
> undocumented action, meant to be used only in file-systems?

I did circulate the patch a couple of days ago and raised
exactly that question. You should have read it.
(The semantics of the CHSYSFLAGS check is actually similar
to the va0_disable one: It basically means: you are not
allowed to weaken security related mechanisms at seclevel>0.)

best regards
Matthias



------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------