Subject: Re: Upcoming security model abstraction
To: YAMAMOTO Takashi <>
From: Elad Efrat <>
List: tech-kern
Date: 09/03/2006 16:12:42
YAMAMOTO Takashi wrote:

> thanks for doing that.

No problem.

> - please make "ISCOPE" a proper reverse-dns strings.
>   they are in the same namespace as KAUTH_SCOPE_xxx.


> - i don't think __CONCAT magic in secmodel_start() is a good idea.
>   at least, make it SECMODEL_START(), as it can't be a normal function.
>   also, can you move param.h changes into init_main.c, as it's only place
>   these definitions are used?

Will change to SECMODEL_START() and move to init_main.c -- I've been
planning on removing it from param.h anyway, it can be really annoying
to rebuild everything. I'll also add a secmodel/secmodel.h to include
from init_main.c, that in turn includes bsd44.h et al.

> - why arguments of authorize wrappers are of void *?
>   it seems that you (almost?) always need to cast like (void *)KAUTH_REQ_xxx.

Yes, that's ugly. As you can see, I've made it all into enums, and I'll
be changing these soon to remove as many casting as possible. Working on
it. :)

> - please make files have some prefixes.  bsd44.c is a way too generic name.

Okay, <model>_foo.c, unless you have an objection.


Elad Efrat