tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: /sbin/reboot and secmodel

To: tech-kern%netbsd.org@localhost
Subject: Re: /sbin/reboot and secmodel
From: Christoph Badura <bad%bsd.de@localhost>
Date: Mon, 17 Mar 2008 23:59:27 +0100

So, assuming that we would want to change our policy of signalling init(8)
to be overridable by different secmodel, why not just implement that?
I.e. change secmodel_bsd44 to return KAUTH_RESULT_DEFER when a process
tries to signal pid 1.

Then Emmanuel can create a secmodel that authorizes specific users to do
that by returing KAUTH_RESULT_ALLOW.

--chris

Follow-Ups:
- Re: /sbin/reboot and secmodel
  - From: Emmanuel Vadot
- Re: /sbin/reboot and secmodel
  - From: Elad Efrat

Prev by Date: Re: /sbin/reboot and secmodel
Next by Date: Re: /sbin/reboot and secmodel
Previous by Thread: Re: /sbin/reboot and secmodel
Next by Thread: Re: /sbin/reboot and secmodel
Indexes:

Home | Main Index | Thread Index | Old Index