Subject: Re: Upcoming security model abstraction
To: YAMAMOTO Takashi <email@example.com>
From: Elad Efrat <elad@NetBSD.org>
Date: 09/03/2006 16:12:42
YAMAMOTO Takashi wrote:
> thanks for doing that.
> - please make "ISCOPE" a proper reverse-dns strings.
> they are in the same namespace as KAUTH_SCOPE_xxx.
> - i don't think __CONCAT magic in secmodel_start() is a good idea.
> at least, make it SECMODEL_START(), as it can't be a normal function.
> also, can you move param.h changes into init_main.c, as it's only place
> these definitions are used?
Will change to SECMODEL_START() and move to init_main.c -- I've been
planning on removing it from param.h anyway, it can be really annoying
to rebuild everything. I'll also add a secmodel/secmodel.h to include
from init_main.c, that in turn includes bsd44.h et al.
> - why arguments of authorize wrappers are of void *?
> it seems that you (almost?) always need to cast like (void *)KAUTH_REQ_xxx.
Yes, that's ugly. As you can see, I've made it all into enums, and I'll
be changing these soon to remove as many casting as possible. Working on
> - please make files have some prefixes. bsd44.c is a way too generic name.
Okay, <model>_foo.c, unless you have an objection.