Subject: Re: new kpi proposal, sysdisk(9)
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 01/08/2007 13:16:58

YAMAMOTO Takashi wrote:

> i'm thinking something like this:
> 
> 	disk_userlist_t *list;
> 	error = diskuserlist_query(vp, &list);
> 	...
> 	diskuserlist_foreach(iterator, list) {
> 		if (diskuser_is_a(iterator, "swap")) {
> 			/* the partition is used as swap */
> 			...
> 		}
> 	}
> 	...
> 	diskuserlist_done(list);

this is what each piece of code that wants to query will have to do?
(I hope this is the query routine itself. :)

>> http://nxr.netbsd.org/source/xref/sys/kern/kern_verifiedexec.c#835
> 
> i don't understand the comment.  can you explain?

sure. let's say you run a system with veriexec strict level 1. it won't
deny raw disk access, even to mounts it monitors, so you can just open
the disk for read/write. then, when strict level is raised, we
supposedly have to block raw disk access, but an attacker might already
have a descriptor.

so what I suggested is to keep track of "number of raw disk users" and
just make veriexec not cache the evaluation result if this number
is > 0.

-e.
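
Added example, not part of the original message and not NetBSD code: a user-space C model of the suggestion above, where a fingerprint evaluation is cached only while the raw-disk user count is zero. Every name in it (monitored_file, raw_disk_open, verify, the FNV-1a stand-in hash) is a hypothetical chosen for illustration, and the sample data is constructed.

```c
/* Added illustration: all names are hypothetical, not NetBSD's veriexec code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum fp_status { FP_UNEVALUATED, FP_VALID, FP_MISMATCH };
struct monitored_file {
	const unsigned char *data;	/* stands in for the on-disk blocks */
	size_t len;
	uint32_t expected;		/* fingerprint recorded when loaded */
	enum fp_status cached;		/* cached evaluation result */
};

unsigned raw_disk_users;		/* open raw-disk descriptors */
unsigned evaluations;			/* times the data was really hashed */

/* FNV-1a, a toy stand-in for the real fingerprint algorithm. */
uint32_t fingerprint(const unsigned char *p, size_t n)
{
	uint32_t h = 2166136261u;
	while (n--) { h ^= *p++; h *= 16777619u; }
	return h;
}

void raw_disk_open(void)  { raw_disk_users++; }
void raw_disk_close(void) { if (raw_disk_users > 0) raw_disk_users--; }

/* Re-hash on every call while a raw-disk user exists (and drop any older
 * cached result); cache the result only when the count is zero. */
enum fp_status verify(struct monitored_file *f)
{
	enum fp_status st;
	if (raw_disk_users == 0 && f->cached != FP_UNEVALUATED)
		return f->cached;
	evaluations++;
	st = fingerprint(f->data, f->len) == f->expected ? FP_VALID : FP_MISMATCH;
	f->cached = raw_disk_users == 0 ? st : FP_UNEVALUATED;
	return st;
}

int main(void)
{
	static const unsigned char good[] = "trusted", bad[] = "tampered";
	struct monitored_file f = { good, sizeof good, 0, FP_UNEVALUATED };
	f.expected = fingerprint(good, sizeof good);
	raw_disk_open();			/* descriptor obtained at strict level 1 */
	verify(&f);				/* valid, but deliberately not cached */
	f.data = bad; f.len = sizeof bad;	/* constructed raw-disk write */
	printf("after write: %s\n", verify(&f) == FP_MISMATCH ? "mismatch" : "valid");
	return 0;
}
```

This model covers only the case in the message: a result cached before the raw open and never re-verified while the descriptor is held would still be trusted after the close.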