tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Removal of some KAUTH_GENERIC_ISSUSER (pass 1)
On Apr 11, 9:30pm, elad%NetBSD.org@localhost (Elad Efrat) wrote:
-- Subject: Re: Removal of some KAUTH_GENERIC_ISSUSER (pass 1)
| Christos Zoulas wrote:
|
| >> Any comments regarding the rest of the diff?
| >
| > The diff looks fine, but (in the non-diff case) I would prefer in the
| > default cases to deny instead.
|
| This is beyond the scope of this thread, but--
|
| The default result is "defer", and if the listener wants to explicitly
| allow, it returns "allow". If, eventually, no listener returns "allow",
| or at least one listener returns "deny", the operation is denied.
|
| Do you want to change this logic? (if yes, why?)
Look for default: in secmodel_44_suser.c. There are a lot of DEFER's
but there are a couple of ALLOWS and quite a few that do nothing.
I think that all the defaults should be treated the same way or there
should be a big fat comment explaining why this is not the case :-)
christos
Home |
Main Index |
Thread Index |
Old Index