tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: /sbin/reboot and secmodel

So, assuming that we would want to change our policy of signalling init(8)
to be overridable by different secmodel, why not just implement that?
I.e. change secmodel_bsd44 to return KAUTH_RESULT_DEFER when a process
tries to signal pid 1.

Then Emmanuel can create a secmodel that authorizes specific users to do
that by returing KAUTH_RESULT_ALLOW.


Home | Main Index | Thread Index | Old Index