Re: kauth and socket calls (esp. bind())

To: Andrew Doran <ad%NetBSD.org@localhost>
Subject: Re: kauth and socket calls (esp. bind())
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Fri, 9 Apr 2010 11:02:31 -0400

On Fri, Apr 09, 2010 at 01:11:00PM +0000, Andrew Doran wrote:
> 
> Do you think authorization is the correct tool to implement the classic
> bits of zones/jails?  I certainly don't.  What other examples are there?

Having just done a good bit of it yesterday, I think it's an okay tool
for it.  It certainly makes the work very quick.

There are a number of things about kauth that annoy me -- *particularly* 
the handling of argument types -- but, with some trivial fixes to 'overlay',
it does make building minor or even major variations on the
"traditional" security model pretty easy.

-- 
Thor Lancelot Simon                                    
tls%rek.tjls.com@localhost
  "All of my opinions are consistent, but I cannot present them all
   at once."    -Jean-Jacques Rousseau, On The Social Contract

References:
- kauth and socket calls (esp. bind())
  - From: Thor Lancelot Simon
- Re: kauth and socket calls (esp. bind())
  - From: Andrew Doran
- Re: kauth and socket calls (esp. bind())
  - From: Joerg Sonnenberger
- Re: kauth and socket calls (esp. bind())
  - From: Andrew Doran

Prev by Date: Re: pad(4) in amd64 GENERIC
Next by Date: Re: Missing ACPI PCI devices in acpi_pcidev_scan
Previous by Thread: Re: kauth and socket calls (esp. bind())
Next by Thread: Re: kauth and socket calls (esp. bind())
Indexes:

Home | Main Index | Thread Index | Old Index