> > besides, it can be done by listening more generic actions like "open".
> > in that case, you want to pass vnode pointer or dev_t, so that listener
> > can check if it's a "dangerous" device.
> 
> That's the idea. The list is just where we *currently* check for
> the securelevel.

ok, fine.
your comment "it's clear we have no context needed" made me think
something like KAUTH_DRIVER_STICOPEN. :-)

YAMAMOTO Takashi