Subject: Re: Upcoming security model abstraction
To: Elad Efrat <>
From: Rui Paulo <>
List: tech-kern
Date: 08/25/2006 01:42:08
On Aug 25, 2006, at 12:42 AM, Elad Efrat wrote:

> Hi,
> Recently I've been working on abstracting NetBSD's security model
> to its own set of kauth(9) listeners. There's code for the listeners,
> as well as initial diff for replacing the KAUTH_GENERIC_ISSUSER
> requests with something more specific.
> Due to it being spread across multiple files and quite big in size,  
> I've
> placed it all online:
> The idea is that we'll have a new directory under src/sys, called
> 'secmodel'. Each security model we ship (for now there are no plans to
> ship anything other than the one we have now, don't worry :) will be
> under its own directory. The default one is called "bsd44".
> The files suser.[ch] and securelevel.[ch] implement the superuser
> and securelevel implications, respectively. You can see how easy it is
> to inspect the model -- it's all centralized in one easy to read file.

This looks pretty neat. One question: are you going to allow loading  
security models on the fly? Say, I load an LKM to add a new security  
Is this in your plans?

	-- Rui Paulo