tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Vnode scope implementation

David Young wrote:

Isn't it hard to know that the design of kauth(9) and the placement of
the hooks is correct for anybody's purposes---Apple's, NetBSD's, yours,
mine---when you do not use the API for anything?

How is the API not in use? what do you think implements "root" and
"securelevel" for several years now? :)

I have a feeling that I am not only one who is anxious to see the
kauth(9) pay-off in a compelling security demonstration or two.

Okay. At the moment, NetBSD uses kauth(9) to implement the traditional
security model it always had: root and securelevel.

Other work using kauth(9) is bad@'s gaols (jails), which you can see

and agc@'s role-based access controls, which you should be able to see
soon. Here's an abstract:

I took the liberty to trim the rest of your email.


Home | Main Index | Thread Index | Old Index