Subject: Re: CVS commit: src/sys
To: Alistair Crooks <firstname.lastname@example.org>
From: Thor Lancelot Simon <email@example.com>
Date: 06/23/2007 14:05:44
On Sat, Jun 23, 2007 at 06:37:20PM +0100, Alistair Crooks wrote:
> As a software developer, my answer to your question would be "no - if
> the complete abstraction has been violated, then it will be harder to
> build models on top of kauth". Has the complete abstraction been violated,
> or just a part of it? Where is the documentation dealing with the
> abstractions, the ways it fits into other kernel code, and the direction
> forward for kauth?
The documentation is poor, but I think the design principle that's been
violated here is pretty obvious: don't expose kauth internals or security
model internals to other code in the kernel, because they will inevitably
abuse it. Authentication data should only *ever* be handled via accessors.
We had that (albeit not in an ideally documented state) and changes like
the current one break it. We should find a way to gain the performance
advantage of the current change without exposing knobs code outside kauth
has no business turning.