[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: CVS commit: src/sys/uvm
On Fri, Feb 19, 2010 at 6:37 AM, Matthias Drochner
> elad%NetBSD.org@localhost said:
>> > (cannot be cleared at securelevel>0)
>> I was wondering how you achieved that without modifying any of the
>> secmodel code itself
> Well, that's the problem with kauth: If it needs code changes
> for each simple check added in other parts of the kernel, it
> twarts modularity and extensibility.
> There is some abstaction missing.
>> Who's going to take care of that XXX referring to the use of an
>> undocumented action, meant to be used only in file-systems?
> I did circulate the patch a couple of days ago and raised
> exactly that question. You should have read it.
> (The semantics of the CHSYSFLAGS check is actually similar
> to the va0_disable one: It basically means: you are not
> allowed to weaken security related mechanisms at seclevel>0.)
Main Index |
Thread Index |