Re: jit code and securelevel

To: Alexander Nasonov <alnsn%yandex.ru@localhost>
Subject: Re: jit code and securelevel
From: David Holland <dholland-tech%netbsd.org@localhost>
Date: Thu, 1 Jan 2015 20:35:58 +0000

On Thu, Jan 01, 2015 at 08:34:44PM +0000, Alexander Nasonov wrote:
 > > Perhaps having a sysctl to enable/disable it that can only be enabled
 > > at a low securelevel can let people choose the behavior they want.
 > 
 > I implemented it, see below, but I feel it's not right to query
 > securelevel directly, adding new KAUTH_SYSTEM_BPFJIT would be
 > a better approach. Not sure it's worth the effort.

Until we manage to retire kauth I think we'd better keep its
abstraction barriers in place, such as they are. :-/

-- 
David A. Holland
dholland%netbsd.org@localhost

References:
- Re: jit code and securelevel
  - From: Alexander Nasonov
- Re: jit code and securelevel
  - From: Christos Zoulas
- Re: jit code and securelevel
  - From: Alexander Nasonov

Prev by Date: Re: jit code and securelevel
Next by Date: Re: NTFS: node leak
Previous by Thread: Re: jit code and securelevel
Next by Thread: Re: jit code and securelevel
Indexes:

Home | Main Index | Thread Index | Old Index