tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP



Greg Troxel wrote:
> Kamil Rytarowski <n54%gmx.com@localhost> writes:
> 
> > Is it possible to avoid negation in the name?
> >
> > KAUTH_SYSTEM_ENABLE_SWAP_ENCRYPTION
> 
> I think the point is to have one permission to enable it, which is
> perhaps just regular root, and another to disable it if securelevel is
> elevated.
> 
> So perhaps there should be two names, one to enable, one to disable.

Kauth is about security rather than speed or convenience. Disabling
encryption may improve speed but it definitely degrades your security
level. So, you can enable vm.swap_encrypt at any level but you can't
disable it if you care about security.

-- 
Alex


Home | Main Index | Thread Index | Old Index