Subject: Re: Upcoming security model abstraction
To: None <>
From: YAMAMOTO Takashi <>
List: tech-kern
Date: 09/03/2006 19:03:06
> Hi,
> Recently I've been working on abstracting NetBSD's security model
> to its own set of kauth(9) listeners. There's code for the listeners,
> as well as initial diff for replacing the KAUTH_GENERIC_ISSUSER
> requests with something more specific.
> Due to it being spread across multiple files and quite big in size, I've
> placed it all online:

thanks for doing that.

- please make "ISCOPE" a proper reverse-dns strings.
  they are in the same namespace as KAUTH_SCOPE_xxx.

- i don't think __CONCAT magic in secmodel_start() is a good idea.
  at least, make it SECMODEL_START(), as it can't be a normal function.
  also, can you move param.h changes into init_main.c, as it's only place
  these definitions are used?

- why arguments of authorize wrappers are of void *?
  it seems that you (almost?) always need to cast like (void *)KAUTH_REQ_xxx.

- please make files have some prefixes.  bsd44.c is a way too generic name.