tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kern/29360: vfs.generic.usermount and mount(8) general questions

On Sun Sep 06 2009 at 13:02:02 -0400, Elad Efrat wrote:
> I agree with Antti here about the sysctl, but I want to replace the
> root check, eventually. What do you guys think about replacing the
> owner/root check with a kauth action that does the same in a
> bsd44-suser listener?

Well, sounds sensible in general, but just some food-for-thought: I wonder
how much of an "ufs syndrome" you are creating for security code, i.e. how
difficult will it be to implement a security model without copypasting
"bsd44" and modifying a few bits here and there and eventually ending
up with 20 slightly different copies of whatever the secmodel equivalent
of rename is?

Home | Main Index | Thread Index | Old Index