Subject: Re: CVS commit: src/sys/secmodel/bsd44
To: YAMAMOTO Takashi <>
From: Elad Efrat <>
List: tech-kern
Date: 10/12/2006 11:16:43
YAMAMOTO Takashi wrote:

> what's the semantics of it?  "can access any disks"?

Well, I was thinking the semantics should be the "worse case" because we
don't really know anything more than that raw disk access was required
and the access modes -- we can't tell if it's mounted or not, etc.

So right now it assumes that raw read access is always permitted and
that for raw disk writes you must be in securelevel 0 or less. Of course
that's not set in stone and is subject to change...


Elad Efrat