tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kauth and socket calls (esp. bind())
On Fri, Apr 09, 2010 at 01:11:00PM +0000, Andrew Doran wrote:
>
> Do you think authorization is the correct tool to implement the classic
> bits of zones/jails? I certainly don't. What other examples are there?
Having just done a good bit of it yesterday, I think it's an okay tool
for it. It certainly makes the work very quick.
There are a number of things about kauth that annoy me -- *particularly*
the handling of argument types -- but, with some trivial fixes to 'overlay',
it does make building minor or even major variations on the
"traditional" security model pretty easy.
--
Thor Lancelot Simon
tls%rek.tjls.com@localhost
"All of my opinions are consistent, but I cannot present them all
at once." -Jean-Jacques Rousseau, On The Social Contract
Home |
Main Index |
Thread Index |
Old Index