Subject: Re: Dividing securelevel implications to kauth(9) scopes
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 05/17/2006 20:32:15
YAMAMOTO Takashi wrote:

> i don't think it's so obvious.
> 
> to define a kauth action, we need to figure out
> why sticopen should be prohibited.
> otherwise, we end up to have KAUTH_DRIVER_STICOPEN,
> which is a poor choice, IMO.

See below:

> besides, it can be done by listening more generic actions like "open".
> in that case, you want to pass vnode pointer or dev_t, so that listener
> can check if it's a "dangerous" device.

That's the idea. The list is just where we *currently* check for
the securelevel.

-e.

-- 
Elad Efrat