Robert Watson wrote:

> Some risk comes with the ability to offload decisions to user space --
> among other things, that the access control decision may not be
> performed atomically with respect to the security properties of the
> subject and object, as kernel locks tend not to be something that can be
> held over a user space up-call. Whether this is actually a problem
> depends entirely on the nature of the policy -- for some sorts of
> security policies, it is a show-stopper, but for others it is an
> acceptable trade-off as long as done intentionally.

That is certainly a valid concern; we're still looking at how to get
this done right. See thread:

http://mail-index.netbsd.org/tech-kern/2006/07/21/0000.html

-e.

-- 
Elad Efrat