Subject: Re: CVS commit: src/sys/secmodel/bsd44
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 11/01/2006 17:29:36
> > kauth_authorize_device(cred, KAUTH_DEVICE_RAWIO, r/w/passthru, vp, some_data);
> >
> > i wonder what's the status of devvp branch.
>
> we can only do the above if we can gurantee the vp at all times... for
> now I think we should pass dev:
>
> kauth_authorize_device(cred, KAUTH_DEVICE_RAWIO, r/w/passthru, dev,
> some_data);
>
> (and we note in the man-page listeners for that request should use
> iskmemdev())
seems fine to me.
> and, that allows us to make kauth_authorize_device_tty() a wrapper
> around that one, and not directly call kauth_authorize_action() if we
> want.
i'm not sure if it is counted as a benefit.
> attached new diff that removes the bvp/blkdev usage for usual cases
> and only uses them for veriexec.
seems reasonable.
YAMAMOTO Takashi