Subject: Re: Getting rid of /dev/veriexec
To: Elad Efrat <elad@NetBSD.org>
From: Bill Studenmund <email@example.com>
Date: 12/02/2005 15:44:55
Content-Type: text/plain; charset=us-ascii
On Fri, Dec 02, 2005 at 05:51:09PM +0200, Elad Efrat wrote:
> Jason Thorpe wrote:
> > As you said before, there is really no change to veriexec here except=
> > for "sysctl entry point vs device entry point". Since both choices are
> > basically non-optimal, I don't see any real benefit to changing=20
> > veriexec at this time, since you're just trading one ugly solution for
> > another.
> While there is no change to the end-user here, I *still* think that
> sysctl is a more logical place to have these hooks in.
Yes. We all know that.
The vast majority of us, though, disagree.
> The change is intended to unify the userland access to Veriexec-related
> settings, and like Nathan said -- a matter of taste.
As you agree it's a matter of taste, why are you pushing it in face of=20
this much strong opposition? You've managed to trigger one of the fastest=
threads I've seen on tech-kern in a while. Within a few short hours, we=20
are at over 50 messages in the thread...
> Because the diff reuses the code from sys/dev/verified_exec.c only in
> sys/kern/kern_verifiedexec.c, how would it hurt to do this move, even
> for the sake of having to maintain one less file?
You admit there is no strong technical reason for the move, it's a matter=
of taste. This move tastes bad to a lot of folks.
> In time, when sysctl (or part of it) uses a different interface, we'll
> have to do the move anyway; why not unify it now, then?
Because it already has an interface that many of us consider superior to=20
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
-----END PGP SIGNATURE-----