tech-kern archive


Re: Vnode scope implementation



David Young wrote:

> Isn't it hard to know that the design of kauth(9) and the placement of
> the hooks is correct for anybody's purposes---Apple's, NetBSD's, yours,
> mine---when you do not use the API for anything?

How is the API not in use? What do you think implements "root" and
"securelevel" for several years now? :)

> I have a feeling that I am not the only one who is anxious to see the
> kauth(9) pay-off in a compelling security demonstration or two.

Okay. At the moment, NetBSD uses kauth(9) to implement the traditional
security model it always had: root and securelevel.

Other work using kauth(9) is bad@'s gaols (jails), which you can see
here:

        http://2008.asiabsdcon.org/papers/P3A-paper.pdf

and agc@'s role-based access controls, which you should be able to see
soon. Here's an abstract:

        http://www.ukuug.org/events/eurobsdcon2009/talks/#crooks

I took the liberty to trim the rest of your email.

-e.

