Subject: Re: CVS commit: src/sys/secmodel/bsd44
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 10/28/2006 18:08:05

YAMAMOTO Takashi wrote:
>> YAMAMOTO Takashi wrote:
>>
>>> i'd vote to have a separate "passthru" kauth request.
>>> it's different enough from normal raw device i/o, IMO.
>> I'm somewhat concerned we are providing two requests that can end up
>> implying more or less the same. If we do that, it'll have to be
>> documented properly.
>>
>> What will the policy look like? Do we always assume the worst case and
>> act as if "passthru" is raw i/o to a mounted disk or memory?
> 
> i'm not sure what you are talking about.
> are you talking about how bsd44 listener should interact with these requests? 

yeah. I'm saying:

- a "passthru" request might have the same implications as a "raw disk i/o"
  request.

- how do we make it so that security model developers know to apply the
  same (more or less) policy to both requests?

-e.

-- 
Elad Efrat