Re: RFC: New security model secmodel_securechroot(9)

To: Alan Barrett <apb%cequrux.com@localhost>
Subject: Re: RFC: New security model secmodel_securechroot(9)
From: Iain Hibbert <plunky%rya-online.net@localhost>
Date: Sat, 9 Jul 2011 11:42:39 +0100 (BST)

On Sat, 9 Jul 2011, Alan Barrett wrote:

> On Sat, 09 Jul 2011, Aleksey Cheusov wrote:
> >     ·   Adding and enabling a ppp(4) interface is not allowed.
> >
> >     ·   Adding and enabling a sl(4) interface is not allowed.
> >
> >     ·   Adding and enabling a strip(4) interface is not allowed.
> >
> >     ·   Adding and enabling a tun(4) interface is not allowed.
> >
> >     ·   Adding and enabling a bcsp(4) device is not allowed.
> >
> >     ·   Adding and enabling a btuart(4) device is not allowed.
>
> Can this be generalised to "adding and enabling any kind of network interface
> is not allowed"?

they are all line disciplines, so perhaps 'setting up a line discipline'
could be disabled, but I don't know if kauth has such a thing..

iain

References:
- RFC: New security model secmodel_securechroot(9)
  - From: Aleksey Cheusov
- Re: RFC: New security model secmodel_securechroot(9)
  - From: Alan Barrett

Prev by Date: Re: RFC: New security model secmodel_securechroot(9)
Next by Date: re: RFC: New security model secmodel_securechroot(9)
Previous by Thread: Re: RFC: New security model secmodel_securechroot(9)
Next by Thread: Re: RFC: New security model secmodel_securechroot(9)
Indexes:

Home | Main Index | Thread Index | Old Index