Subject: Re: Upcoming security model abstraction
To: Elad Efrat <>
From: Daniel Carosone <>
List: tech-security
Date: 08/25/2006 09:57:07
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Fri, Aug 25, 2006 at 01:42:46AM +0200, Elad Efrat wrote:
> The idea is that we'll have a new directory under src/sys, called
> 'secmodel'. Each security model we ship (for now there are no plans to
> ship anything other than the one we have now, don't worry :) will be
> under its own directory. The default one is called "bsd44".
> [...]
> Lots of work was put into making this completely transparent.

Without having done more than skim the files in this dir, this is a
great approach.  I look forward to it landing and stimulating future

There would of course be room for refactoring and reorganising the
model implementation (less cascading case statements and smaller
functions, maybe? whatever..), either within the bsd44 model or between
it and future ones. However, that can -- and should -- come later.
Right now, the only impact this should have might be to consider space
in the directory structure for a common library to be used from
multiple models.  secmodel/common seems fine for that.

I predict, when the time comes, that people will start out developing
new secmodels as "just like bsd44 apart from *this* little change",
and it would be good to facilitate that style of granular overriding,
rather than encouraging wholesale copy/paste of seclevel dirs. (making
securelevel static to bsd44/securelevel.c, as the comments there
indicate, might not be so easy or sensible in that context.)  But
let's leave that till then.


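The "just like bsd44 apart from *this* little change" style of model the reply anticipates can be expressed as an override chain rather than a copied directory. The following is an added illustration, not code from NetBSD's secmodel tree or from either poster; the names (secmodel, ACTION_*, bsd44_*, secmodel_decide) and the securelevel thresholds are invented for the example. It shows a derived model that replaces a single decision and falls through to the base model for everything else, which is also why a securelevel helper kept static to one model file would be awkward here.

```c
/* Added illustration (hypothetical, not NetBSD code): a security model that
 * overrides one decision and delegates the rest to a base model, instead of
 * being a wholesale copy of it.  All identifiers below are invented. */
#include <stddef.h>
#include <stdio.h>

enum action { ACTION_TIME_SET, ACTION_RAWIO, ACTION_KMEM_WRITE, ACTION_MAX };
enum decision { DENY = 0, ALLOW = 1 };

struct cred { unsigned uid; int securelevel; };

/* A model is a table of per-action decision functions plus a base model that
 * is consulted for any action this model does not implement itself. */
typedef enum decision (*decide_fn)(const struct cred *);
struct secmodel {
    const char *name;
    decide_fn ops[ACTION_MAX];
    const struct secmodel *base;
};

/* Hypothetical "bsd44" policy: the superuser may act unless the current
 * securelevel forbids that particular action. */
static enum decision bsd44_time_set(const struct cred *c) {
    return (c->uid == 0 && c->securelevel < 2) ? ALLOW : DENY;
}
static enum decision bsd44_rawio(const struct cred *c) {
    return (c->uid == 0 && c->securelevel < 1) ? ALLOW : DENY;
}
static enum decision bsd44_kmem_write(const struct cred *c) {
    return (c->uid == 0 && c->securelevel < 1) ? ALLOW : DENY;
}

static const struct secmodel bsd44 = {
    .name = "bsd44",
    .ops = { [ACTION_TIME_SET]   = bsd44_time_set,
             [ACTION_RAWIO]      = bsd44_rawio,
             [ACTION_KMEM_WRITE] = bsd44_kmem_write },
    .base = NULL,
};

/* "Just like bsd44 apart from this little change": never allow the clock to
 * be set, regardless of uid, and change nothing else. */
static enum decision noclock_time_set(const struct cred *c) {
    (void)c;
    return DENY;
}

static const struct secmodel bsd44_noclock = {
    .name = "bsd44-noclock",
    .ops  = { [ACTION_TIME_SET] = noclock_time_set },
    .base = &bsd44,
};

/* Dispatch: walk the override chain until some model implements the action.
 * If no model in the chain implements it, fail closed. */
enum decision secmodel_decide(const struct secmodel *m, enum action a,
                              const struct cred *c) {
    for (; m != NULL; m = m->base) {
        if (a < ACTION_MAX && m->ops[a] != NULL)
            return m->ops[a](c);
    }
    return DENY;
}

/* Convenience wrapper: build the credential inline and return 1/0. */
int decide_as(const struct secmodel *m, enum action a,
              unsigned uid, int securelevel) {
    struct cred c = { uid, securelevel };
    return (int)secmodel_decide(m, a, &c);
}

int main(void) {
    printf("%s: root sets time at securelevel 0 -> %d\n", bsd44.name,
           decide_as(&bsd44, ACTION_TIME_SET, 0, 0));
    printf("%s: root sets time at securelevel 0 -> %d\n", bsd44_noclock.name,
           decide_as(&bsd44_noclock, ACTION_TIME_SET, 0, 0));
    printf("%s: root raw I/O at securelevel 0 -> %d (inherited from base)\n",
           bsd44_noclock.name, decide_as(&bsd44_noclock, ACTION_RAWIO, 0, 0));
    printf("%s: uid 1000 raw I/O -> %d\n", bsd44_noclock.name,
           decide_as(&bsd44_noclock, ACTION_RAWIO, 1000, 0));
    return 0;
}
```

The derived model's table is sparse by design: only the slot it overrides is filled, and the dispatcher's walk down `base` supplies the rest. Adding a second derived model, or stacking one on top of `bsd44_noclock`, touches no line of the base model.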