Subject: Re: mount(2) on kauth(9)
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 01/01/2007 21:04:02

YAMAMOTO Takashi wrote:
> i think something like the following reflects the bsd44 model better.
> how about this?
>
> 	error = kauth_authorize_foo(CAN_CHANGE_CREDENTIAL_TO_ANY_USER);
> 	if (error) {
> 		if (error == EPERM) {
> 			flags |= NOSUID;
> 		} else {
> 			return error;
> 		}
> 	}
>
> 	error = kauth_authorize_foo(CAN_CREATE_DEVICEFILE);
> 		/* KAUTH_SYSTEM_MKNOD? */
> 	if (error) {
> 		if (error == EPERM) {
> 			flags |= NODEV;
> 		} else {
> 			return error;
> 		}
> 	}

okay, that looks better. KAUTH_SYSTEM_SETID and KAUTH_SYSTEM_MKNOD okay?

-e.