Subject: Re: new kpi proposal, sysdisk(9)
To: Elad Efrat <elad@NetBSD.org>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 01/01/2007 12:10:55

On Mon, Jan 01, 2007 at 06:57:15PM +0200, Elad Efrat wrote:
> YAMAMOTO Takashi wrote:
>
> > do you mean you are going to commit your initial patch,
> > ignoring complicated things like partitions,
> > "layered" devices like raidframe, etc?
>
> sysdisk(9) does not know about partitions. it knows about physical
> disks. I will say it again: it is what allows a subsystem to say "this
> physical disk is in use by me, and it is so critical that I don't even
> trust you to do the handling of wedges/partitions/labels/whatever
> correctly, and would rather deny all raw access to it".

I'd want to suggest some syntactic sugar here. I agree with Yamamoto-san
that sysdisk() users (maybe we need a new name?) need to deal with
partitions; any particular user really only can say that a given partition
is in use.

I agree with you, though, that security policies will most likely want to
elevate a-partition-in-use to disk-in-use. The syntactic sugar I want to
suggest is that we let the security policy make the elevation as opposed
to promising it in the use of sysdisk(9). Put another way, I'm suggesting
we change the documentation to say that the given security policy does
this as opposed to the act of calling sysdisk(9) doing it.

Yes, this means the policy needs to see the struct disk, but we really
needed that anyway.

Take care,

Bill
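The split argued in the message above (callers can only claim the partition they actually use; whether that claim also marks the whole physical disk as in use is a decision of the security policy) is easy to see in a small model. The code below is an added toy illustration in C, not NetBSD's sysdisk(9) KPI and not code from anyone in this thread; the device name "wd0", the owner names "raidframe", "lvm" and "userland", the claim table and the policy enum are all assumptions made for the example.

```c
/*
 * Toy model of "partition-in-use" claims plus a security policy that may
 * elevate them to "disk-in-use". Added illustration; not NetBSD code.
 * Device names, owner names and the policy enum are assumptions.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_CLAIMS 16
#define PART_WHOLE (-1)          /* the raw whole-disk device node */

struct disk_claim {
    char dev[16];                /* physical disk, e.g. "wd0" (assumed name) */
    int  partition;              /* partition index, or PART_WHOLE */
    char owner[16];              /* claiming subsystem, e.g. "raidframe" */
};

struct claim_table {
    struct disk_claim claims[MAX_CLAIMS];
    int n;
};

/* The elevation lives here, in the policy, not in the act of claiming. */
enum disk_policy {
    POLICY_PARTITION_ONLY,       /* a claim protects the bytes it names */
    POLICY_ELEVATE_TO_DISK       /* any claim marks the whole disk in use */
};

void claims_init(struct claim_table *t)
{
    memset(t, 0, sizeof *t);
}

/* Does a raw open of `req` reach bytes of the claimed partition `claimed`? */
static bool covers(int claimed, int req)
{
    return claimed == req || claimed == PART_WHOLE || req == PART_WHOLE;
}

/*
 * A subsystem records that it uses one partition of one disk (the only
 * thing a caller can honestly say). Returns 0 on success or when the same
 * owner repeats an identical claim, -1 if the claim overlaps one held by
 * someone else or the table is full.
 */
int claim_partition(struct claim_table *t, const char *dev, int part,
                    const char *owner)
{
    for (int i = 0; i < t->n; i++) {
        struct disk_claim *c = &t->claims[i];
        if (strcmp(c->dev, dev) != 0 || !covers(c->partition, part))
            continue;
        return (c->partition == part && strcmp(c->owner, owner) == 0) ? 0 : -1;
    }
    if (t->n == MAX_CLAIMS)
        return -1;
    struct disk_claim *c = &t->claims[t->n++];
    snprintf(c->dev, sizeof c->dev, "%s", dev);
    c->partition = part;
    snprintf(c->owner, sizeof c->owner, "%s", owner);
    return 0;
}

/*
 * Policy decision for a raw open of (dev, part) by `requester`. A claim
 * held by a different owner denies the request when it covers the bytes
 * being opened, or, under the elevating policy, whenever it is on the
 * same physical disk at all. A subsystem is never locked out by its own
 * claims.
 */
bool raw_access_denied(const struct claim_table *t, enum disk_policy policy,
                       const char *dev, int part, const char *requester)
{
    for (int i = 0; i < t->n; i++) {
        const struct disk_claim *c = &t->claims[i];
        if (strcmp(c->dev, dev) != 0 || strcmp(c->owner, requester) == 0)
            continue;
        if (covers(c->partition, part) || policy == POLICY_ELEVATE_TO_DISK)
            return true;
    }
    return false;
}

int main(void)
{
    struct claim_table t;
    claims_init(&t);
    claim_partition(&t, "wd0", 1, "raidframe");   /* constructed sample claim */

    /* Same claim, two policies: only the elevating one closes wd0's sibling partition. */
    printf("userland open of wd0 partition 2, partition-only policy: %s\n",
           raw_access_denied(&t, POLICY_PARTITION_ONLY, "wd0", 2, "userland")
           ? "denied" : "allowed");
    printf("userland open of wd0 partition 2, elevating policy:      %s\n",
           raw_access_denied(&t, POLICY_ELEVATE_TO_DISK, "wd0", 2, "userland")
           ? "denied" : "allowed");
    return 0;
}
```

Note what stays fixed across the two policies: an open of the whole-disk raw node is refused either way, because it reaches the claimed partition's bytes; what the elevating policy adds is that sibling partitions on the same physical disk are refused too, which is the "deny all raw access" behaviour the quoted message wants, obtained without the claim itself promising it.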
