Subject: Re: new kpi proposal, sysdisk(9)
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 12/30/2006 23:27:33
--PEIAKu/WMn1b1Hv9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Dec 30, 2006 at 11:10:37PM -0500, der Mouse wrote:
> > Now, with disklabels, you can load a brand new disklabel into the
> > kernel (I hope it complains, but I am not sure).  But if you can do
> > that, you can do anything.  That door we must close. :-)
>=20
> Fine, provided the admin can either open it again or configure things
> to not close it.  I use that capability too much to be comfortable with
> removing it entirely.  (Not often, and mostly when doing things like
> migrating from one disk to another.  But often enough that it would be
> a right royal - even if only occasional - PITA to lsoe it entirely.)

Sorry, yes, this either would be an at-secure-level (or having set a bit=20
in the kauth bit mask replacing securelevel) thing or there'd be some=20
other knob. Yes, when you're installing, you should be able to do a lot=20
more than you can do in production.

Take care,

Bill

--PEIAKu/WMn1b1Hv9
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (NetBSD)

iD8DBQFFl2ZlWz+3JHUci9cRAqERAJ4sGyFfY5tR8V6mx3xj+A9zyrW4EQCcCKhA
C/9vGln/tg9at/sc4et20Zs=
=s1Zx
-----END PGP SIGNATURE-----

--PEIAKu/WMn1b1Hv9--