Subject: Re: devfs, was Re: ptyfs fully working now...
To: Daniel Carosone <email@example.com>
From: Bill Studenmund <firstname.lastname@example.org>
Date: 11/16/2004 17:03:36
Content-Type: text/plain; charset=us-ascii
On Wed, Nov 17, 2004 at 11:35:45AM +1100, Daniel Carosone wrote:
> On Tue, Nov 16, 2004 at 04:33:27PM -0800, Bill Studenmund wrote:
> > > Ok, I see. Sounds good then. Another idea was to have a way to freeze=
> > > in its current configuration. I.e. make it so that new devices don't =
> > > automatically. This may be a requirement for certain security applica=
> > We could make that a mount option, or have mount_devfs deal with this s=
> > way.
> .. and/or hook this off securelevel.
I think we'd do better with this being a separate knob. I can envision=20
systems running at securelevel 2 that would both want and not want to be=20
able to add new devices. :-) Consider a system with disks on FC. Disks can=
come and go, but if high securelevel implies no-new-devices, you can't=20
really take advantage of that. I realize some systems may love that, but I=
believe others won't. :-)
As a separate knob, each installation gets to do things as it wants. :-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
-----END PGP SIGNATURE-----