Re: (Semi-random) thoughts on device tree structure and devfs

[Thor Lancelot Simon <tls%panix.com@localhost>]

On Tue, Mar 09, 2010 at 12:57:49PM -0600, Eric Haszlakiewicz wrote:
> 
> This is already a problem with dkctl.

I can disable dkctl and rely on the kernel's autodiscovery of wedges.

> And anyway, jacking around with the
> userspace daemon is unnecessarily complicated: if you have sufficient access
> to do that, you probably have sufficient access to just change the symlink.

I want to be able to tell the kernel to mount a device reliably identified
by some kind of unique, symbolic name.  I want to be able to load a list
of permissible such names into the kernel while it's running insecure, and
restrict mounting to those and only those when it's running secure.

Relying on a userspace daemon for naming makes that impossible.

Thor