On Fri, Dec 02, 2005 at 04:14:03PM +0200, Elad Efrat wrote:
> Nathan J. Williams wrote:
> 
> > My thinking is that sysctl(3) should be limited to being a back-end
> > for sysctl(8): individual knobs that are examinable and tweakable by a
> > system administrator.
> 
> We use sysctl(3) outside sysctl(8) a lot. Recent examples: using sysctl
> for reading inet/inet6/local PCBs and protocol statistics instead of
> using /dev/kmem; rpaulo@ even made trpt/trsp use sysctl, which means we
> don't have to give them the sgid kmem bit anymore.
> 
> sysctl is an interface, and I see sysctl(8) as the control program for
> knobs that don't justify their own control program. In the future, I'm
> hoping to use sysctl entirely in netstat(1), but not collapsing
> netstat's functionality into sysctl(8)...

I always thought that sysctl is designed to read or write kernel
variables. netstat does nothing exceptional from that POV. But if I
understand correcly your patch, it uses sysctl as a method to do some
actions, which is quite different. Tradidional use of sysctl is
idempotent - it does not matter if you write the same value multiple
times, and if you read it, you get the same value that was written (unless
it was changed in the meantime). Do the proposed veriexec.load and
veriexec.delete MIBs have those properties?

Pavel Cahyna