tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kauth and socket calls (esp. bind())

On Fri, Apr 09, 2010 at 01:11:00PM +0000, Andrew Doran wrote:
> Do you think authorization is the correct tool to implement the classic
> bits of zones/jails?  I certainly don't.  What other examples are there?

Having just done a good bit of it yesterday, I think it's an okay tool
for it.  It certainly makes the work very quick.

There are a number of things about kauth that annoy me -- *particularly* 
the handling of argument types -- but, with some trivial fixes to 'overlay',
it does make building minor or even major variations on the
"traditional" security model pretty easy.

Thor Lancelot Simon                           
  "All of my opinions are consistent, but I cannot present them all
   at once."    -Jean-Jacques Rousseau, On The Social Contract

Home | Main Index | Thread Index | Old Index