Subject: Re: Dividing securelevel implications to kauth(9) scopes
To: YAMAMOTO Takashi <email@example.com>
From: Elad Efrat <elad@NetBSD.org>
Date: 05/17/2006 20:32:15
YAMAMOTO Takashi wrote:
> i don't think it's so obvious.
> to define a kauth action, we need to figure out
> why sticopen should be prohibited.
> otherwise, we end up to have KAUTH_DRIVER_STICOPEN,
> which is a poor choice, IMO.
> besides, it can be done by listening more generic actions like "open".
> in that case, you want to pass vnode pointer or dev_t, so that listener
> can check if it's a "dangerous" device.
That's the idea. The list is just where we *currently* check for