Subject: Re: nfs optimization and veriexec
To: None <>
From: YAMAMOTO Takashi <>
List: tech-security
Date: 11/12/2007 20:45:51
> YAMAMOTO Takashi wrote:
> > i don't think the veriexec scope is a good idea in general
> > or an acceptable solution for my specific case.
> That's a different discussion... basically, Veriexec's pseudo
> device provides services like loading, unloading, querying,
> flushing, etc., and may support a few more in the future.
> The idea is to be able to describe each action specifically
> rather than a global "can control Veriexec" or "can't", at least
> in the kauth(9) layer.
> > can you explain why you want to make it veriexec specific?
> Why I want to make what Veriexec specific? the scope? because
> it collects actions relevant only for Veriexec.
> -e.

ah, ok.  then i can understand.
(i thought you meant veriexec-specific vfs/filesystem hooks
given that you suggested to make nfs call it.)