Subject: Re: new kpi proposal, sysdisk(9)
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 01/10/2007 12:27:45

> YAMAMOTO Takashi wrote:
> 
> > i'm thinking something like this:
> > 
> > 	disk_userlist_t *list;
> > 	error = diskuserlist_query(vp, &list);
> > 	...
> > 	diskuserlist_foreach(iterator, list) {
> > 		if (diskuser_is_a(iterator, "swap")) {
> > 			/* the partition is used as swap */
> > 			...
> > 		}
> > 	}
> > 	...
> > 	diskuserlist_done(list);
> 
> this is what each piece of code that wants to query will have to do?
> (I hope this is the query routine itself. :)

we can make it a subroutine, sure.

> >> http://nxr.netbsd.org/source/xref/sys/kern/kern_verifiedexec.c#835
> > 
> > i don't understand the comment.  can you explain?
> 
> sure. let's say you run a system with veriexec strict level 1. it won't
> deny raw disk access, even to mounts it monitors, so you can just open
> the disk for read/write. then, when strict level is raised, we
> supposedly have to block raw disk access, but an attacker might already
> have a descriptor.
> 
> so what I suggested is to keep track of "number of raw disk users" and
> just make veriexec not cache the evaluation result if this number
> is > 0.
> 
> -e.

assuming you want to have it in spec_open/close,
where to store diskuser_t * can be a problem.

YAMAMOTO Takashi
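
The "number of raw disk users" idea quoted above, as an added user-space model that is not code from this thread or from NetBSD: it compares caching the evaluation result unconditionally with skipping the cache while a raw descriptor is open. All names (`raw_open`, `verify`, `scenario`, the structs) are hypothetical, and a string compare stands in for the fingerprint check.

```c
/* User-space model, constructed for illustration; not NetBSD kernel code.
 * Names are hypothetical; a string compare stands in for the fingerprint. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
enum fp_status { FP_UNEVALUATED, FP_VALID, FP_MISMATCH };
struct disk {
    char     data[16];   /* contents of the one monitored file */
    unsigned raw_users;  /* descriptors open on the raw device */
};
struct vfile {
    struct disk   *dk;
    const char    *expected;  /* stand-in for the stored fingerprint */
    enum fp_status cached;
};
/* The counter would be maintained from the raw device open/close path. */
static void raw_open(struct disk *dk)  { dk->raw_users++; }
static void raw_close(struct disk *dk) { if (dk->raw_users > 0) dk->raw_users--; }
static void raw_write(struct disk *dk, const char *s) { snprintf(dk->data, sizeof dk->data, "%s", s); }

/* Cache the result only while no raw disk user exists; with
 * track_raw_users false it is always cached (the unsafe variant). */
static enum fp_status verify(struct vfile *f, bool track_raw_users)
{
    if (f->cached != FP_UNEVALUATED)
        return f->cached;
    enum fp_status st = strcmp(f->dk->data, f->expected) == 0 ? FP_VALID : FP_MISMATCH;
    if (!track_raw_users || f->dk->raw_users == 0)
        f->cached = st;
    return st;
}

/* Raw descriptor opened before the first evaluation, write after it; returns the second result. */
static enum fp_status scenario(bool track_raw_users)
{
    struct disk dk = { "trusted", 0 };
    struct vfile f = { &dk, "trusted", FP_UNEVALUATED };
    raw_open(&dk);
    (void)verify(&f, track_raw_users);
    raw_write(&dk, "modified");
    enum fp_status second = verify(&f, track_raw_users);
    raw_close(&dk);
    return second;
}

int main(void)
{
    printf("always cache: %d, no cache while raw users > 0: %d\n", scenario(false), scenario(true));
}
```

With unconditional caching the second evaluation still reports `FP_VALID` for modified contents; with the counter consulted it is re-evaluated and reports `FP_MISMATCH`.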