Subject: Re: Getting rid of /dev/veriexec
To: Elad Efrat <>
From: Bill Studenmund <>
List: tech-kern
Date: 12/02/2005 15:44:55

On Fri, Dec 02, 2005 at 05:51:09PM +0200, Elad Efrat wrote:
> Jason Thorpe wrote:
> > As you said before, there is really no change to veriexec here except
> > for "sysctl entry point vs device entry point".  Since both choices are
> > basically non-optimal, I don't see any real benefit to changing
> > veriexec at this time, since you're just trading one ugly solution for
> > another.
> While there is no change to the end-user here, I *still* think that
> sysctl is a more logical place to have these hooks in.

Yes. We all know that.

The vast majority of us, though, disagree.

> The change is intended to unify the userland access to Veriexec-related
> settings, and like Nathan said -- a matter of taste.

As you agree it's a matter of taste, why are you pushing it in the face of
this much strong opposition? You've managed to trigger one of the fastest
threads I've seen on tech-kern in a while. Within a few short hours, we
are at over 50 messages in the thread...

> Because the diff reuses the code from sys/dev/verified_exec.c only in
> sys/kern/kern_verifiedexec.c, how would it hurt to do this move, even
> for the sake of having to maintain one less file?

You admit there is no strong technical reason for the move, it's a matter
of taste. This move tastes bad to a lot of folks.

> In time, when sysctl (or part of it) uses a different interface, we'll
> have to do the move anyway; why not unify it now, then?

Because it already has an interface that many of us consider superior to

Take care,

