[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kauth and socket calls (esp. bind())
On Fri, Apr 09, 2010 at 01:11:00PM +0000, Andrew Doran wrote:
> Do you think authorization is the correct tool to implement the classic
> bits of zones/jails? I certainly don't. What other examples are there?
Having just done a good bit of it yesterday, I think it's an okay tool
for it. It certainly makes the work very quick.
There are a number of things about kauth that annoy me -- *particularly*
the handling of argument types -- but, with some trivial fixes to 'overlay',
it does make building minor or even major variations on the
"traditional" security model pretty easy.
Thor Lancelot Simon
"All of my opinions are consistent, but I cannot present them all
at once." -Jean-Jacques Rousseau, On The Social Contract
Main Index |
Thread Index |