Subject: Re: devfs, was Re: ptyfs fully working now...
To: Daniel Carosone <dan@geek.com.au>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 11/16/2004 17:03:36

On Wed, Nov 17, 2004 at 11:35:45AM +1100, Daniel Carosone wrote:
> On Tue, Nov 16, 2004 at 04:33:27PM -0800, Bill Studenmund wrote:
> > > Ok, I see. Sounds good then. Another idea was to have a way to freeze devfs
> > > in its current configuration. I.e. make it so that new devices don't appear
> > > automatically. This may be a requirement for certain security applications.
> >
> > We could make that a mount option, or have mount_devfs deal with this some
> > way.
>
> .. and/or hook this off securelevel.

I think we'd do better with this being a separate knob. I can envision
systems running at securelevel 2 that would both want and not want to be
able to add new devices. :-) Consider a system with disks on FC. Disks can
come and go, but if high securelevel implies no-new-devices, you can't
really take advantage of that. I realize some systems may love that, but I
believe others won't. :-)

As a separate knob, each installation gets to do things as it wants. :-)

Take care,

Bill
