tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Removal of some KAUTH_GENERIC_ISSUSER (pass 1)


Attached is a diff removing some KAUTH_GENERIC_ISSUSER uses in favor of
more meaningful alternatives, some newly added.

Newly added actions/requests:
  - KAUTH_MACHDEP_CMOS, for checking if the CMOS can be read
    from/written to.
  - KAUTH_MACHDEP_CACHEFLUSH_ALL, for checking if the whole CPU cache
    can be flushed (used in compat code only).
  - KAUTH_REQ_SYSTEM_SYSCTL_MODIFY, for checking if a sysctl(9) value
    that doesn't have a custom function handler can be modified.

  - KAUTH_REQ_NETWORK_SOCKET_DROP, for checking if a connection can be

  - KAUTH_REQ_NETWORK_SOCKET_SETPRIV, for checking if privileged
    socket options can be set.

Also note the changes in the ibcs2 compat code. I followed and hopefully the
semantics are the same.



Attachment: pass1.diff
Description: Binary data

Home | Main Index | Thread Index | Old Index