[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Vnode scope implementation
>> - for what kauth_authorize_vnode takes "error" returned from
> Imagine what happens if no secmodels are loaded (but we do have
> listeners, say, for logging). The result inside kauth(9) will be
> "EPERM" (because we'll receive a KAUTH_RESULT_DEFER and no
> KAUTH_RESULT_ALLOW). Legit operations of e.g. me accessing my files
> will be denied. Therefore, we provide a "subsystem result" for
i don't think operations will be denied in that case
because nsecmodels == 0.
> kauth(9) to (a) pass on to listeners in case these are interested in
> it and (b) return in case no secmodels are loaded so we fail-close but
> not render the system unusable.
Main Index |
Thread Index |