Subject: Re: procfs/ptrace/systrace/ktrace diff
To: YAMAMOTO Takashi <>
From: Elad Efrat <>
List: tech-kern
Date: 11/26/2006 16:30:15
YAMAMOTO Takashi wrote:
>>>>>> proc_isunder() should be in the secmodel.
>>>>> do you mean chroot(8) should be a part of secmodel?
>>>> it already kinda is. we don't provide any context (yet) but there is
>>>> a chroot action. I would like to move proc_isunder() to the secmodel
>>>> code, yes.
>>> i don't see how it could be done efficiently.
>> are you talking about the entire chroot mechanism or just chroot
>> enforcement for the four subsystems in question?
> the former.

we'll cross that bridge when we get to it. ;)

do you want me to put proc_isunder() back in the callers rather than the
secmodel for now? I don't have a strong opinion about that.

also, other than the above, is it okay to commit?


Elad Efrat