Subject: Re: CVS commit: src/sys/secmodel/bsd44
To: YAMAMOTO Takashi <firstname.lastname@example.org>
From: Elad Efrat <elad@NetBSD.org>
Date: 10/28/2006 18:08:05
YAMAMOTO Takashi wrote:
>> YAMAMOTO Takashi wrote:
>>> i'd vote to have a separate "passthru" kauth request.
>>> it's different enough from normal raw device i/o, IMO.
>> I'm somewhat concerned we are providing two requests that can end up
>> implying more or less the same. If we do that, it'll have to be
>> documented properly.
>> How will the policy look like? do we always assume worst-case and
>> act as if "passthru" is raw i/o to mounted disk or memory?
> i'm not sure what you are talking about.
> are you talking about how bsd44 listener should interact with these requests?
yeah. I'm saying:
- a "passthru" request might have same implications as "raw disk i/o"
- how do we make it so that security model developers know to apply the
same (more or less) policy to both requests?