Subject: Re: nfs optimization and veriexec
To: YAMAMOTO Takashi <email@example.com>
From: Elad Efrat <firstname.lastname@example.org>
Date: 11/12/2007 09:17:59
YAMAMOTO Takashi wrote:
>> Perhaps it's a good time to introduce said scope, and add an action
>> to indicate whether the NFS optimization can take place. Would that
>> work for you?
> i'm not sure what you mean by "an action to indicate whether the
> NFS optimization can take place."
> do you mean to make nfs call kauth_authorize_foo with the action?
Yes, but that call will only be made if Veriexec is compiled in.
>> The only thing I'm wondering about is what the kernel would do in
>> case Veriexec is not even compiled in... maybe just put in weak-aliased
>> stubs (similar to secmodel_start() in kern/init_main.c).
>> (perhaps having a file that is always compiled and contains weak-aliased
>> always-allow stubs for when conditionally compiled in scopes are not
>> compiled in is appropriate? :)
> i don't understand how it matters.
> do you mean a very veriexec specific scope which doesn't make sense at all
> unless veriexec is compiled in?