Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP

To: Greg Troxel <gdt%lexort.com@localhost>
Subject: Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
From: Alexander Nasonov <alnsn%yandex.ru@localhost>
Date: Sun, 17 May 2020 13:25:24 +0100

Greg Troxel wrote:
> Kamil Rytarowski <n54%gmx.com@localhost> writes:
> 
> > Is it possible to avoid negation in the name?
> >
> > KAUTH_SYSTEM_ENABLE_SWAP_ENCRYPTION
> 
> I think the point is to have one permission to enable it, which is
> perhaps just regular root, and another to disable it if securelevel is
> elevated.
> 
> So perhaps there should be two names, one to enable, one to disable.

Kauth is about security rather than speed or convenience. Disabling
encryption may improve speed but it definitely degrades your security
level. So, you can enable vm.swap_encrypt at any level but you can't
disable it if you care about security.

-- 
Alex

Follow-Ups:
- re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
  - From: matthew green
- Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
  - From: Greg Troxel

References:
- KAUTH_SYSTEM_UNENCRYPTED_SWAP
  - From: Alexander Nasonov
- Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
  - From: Paul Goyette
- Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
  - From: Kamil Rytarowski
- Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
  - From: Greg Troxel

Prev by Date: Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
Next by Date: Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
Previous by Thread: Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
Next by Thread: Re: KAUTH_SYSTEM_UNENCRYPTED_SWAP
Indexes:

Home | Main Index | Thread Index | Old Index