Subject: Re: Integrating securelevel and kauth(9)
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <email@example.com>
Date: 03/26/2006 01:42:34
> These requests will be implemented as a new kauth(9) scope, called the
> "system" scope.
the fact that "access raw memory" and "change firewall rule" are
controlled by securelevel is not a good reason to put them into
a single scope, IMO.
it's better to write listeners to check "securelevel" variable
for appropriate scopes, rather than having a single scope gathering
these random operations.
ie. i think securelevel should be turned into listener(s), not a scope.
btw, it seems that you are proposing two different things in this mail.
- adapt securelevel to kauth world
- make securelevel a bitmap
i'm not sure if the latter is a good idea.
why bother to complicate securelevel, while you can just have
another listener to implement finer-grained access control?