Subject: Re: Upcoming security model abstraction
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <email@example.com>
Date: 09/03/2006 19:03:06
> Recently I've been working on abstracting NetBSD's security model
> to its own set of kauth(9) listeners. There's code for the listeners,
> as well as initial diff for replacing the KAUTH_GENERIC_ISSUSER
> requests with something more specific.
> Due to it being spread across multiple files and quite big in size, I've
> placed it all online:
thanks for doing that.
- please make "ISCOPE" a proper reverse-dns strings.
they are in the same namespace as KAUTH_SCOPE_xxx.
- i don't think __CONCAT magic in secmodel_start() is a good idea.
at least, make it SECMODEL_START(), as it can't be a normal function.
also, can you move param.h changes into init_main.c, as it's only place
these definitions are used?
- why arguments of authorize wrappers are of void *?
it seems that you (almost?) always need to cast like (void *)KAUTH_REQ_xxx.
- please make files have some prefixes. bsd44.c is a way too generic name.