Re: kauth and socket calls (esp. bind())

To: tech-net%netbsd.org@localhost, tech-security%netbsd.org@localhost, tech-kern%netbsd.org@localhost
Subject: Re: kauth and socket calls (esp. bind())
From: Joerg Sonnenberger <joerg%britannica.bec.de@localhost>
Date: Fri, 9 Apr 2010 14:25:29 +0200

On Fri, Apr 09, 2010 at 10:24:38AM +0000, Andrew Doran wrote:
> > I'm not sure I grasp how things like the filesystem or device scopes could
> > even really work if you can't make kauth calls with locks held.
> 
> It cannot work without locks held in various places. 
> What it should say is that kauth itself must not take locks..

That doesn't work either for the interesting advanced security models
either. E.g. an implementation of zones/jails must be able to protect
access to the global data structures.

Joerg

Follow-Ups:
- Re: kauth and socket calls (esp. bind())
  - From: Andrew Doran

References:
- kauth and socket calls (esp. bind())
  - From: Thor Lancelot Simon
- Re: kauth and socket calls (esp. bind())
  - From: Andrew Doran

Prev by Date: Re: kauth and socket calls (esp. bind())
Next by Date: Re: kauth and socket calls (esp. bind())
Previous by Thread: Re: kauth and socket calls (esp. bind())
Next by Thread: Re: kauth and socket calls (esp. bind())
Indexes:

Home | Main Index | Thread Index | Old Index