YAMAMOTO Takashi wrote:

> for bsd44 securelevel listener, i think something like this is enough.
> 
> 	case passthru:
> 		if (securelevel < 1) {
> 			return allow;
> 		} else {
> 			return deny;
> 		}
> 
> alternatively you can probably iterate devices on the bus,
> but i don't think it's worth to do.
> 
>> yeah. I'm saying:
>>
>> - a "passthru" request might have same implications as "raw disk i/o"
>>   request.
>>
>> - how do we make it so that security model developers know to apply the
>>   same (more or less) policy to both requests?
> 
> i don't have any better idea than just documenting them so.

I think what we'll do is document them properly with a big red [1] note
detailing possible implications of such requests.

Any preference as to what scope (I suggest "device") to use and what
arguments to pass?

-e.

[1] It *has* to be red.

-- 
Elad Efrat