YAMAMOTO Takashi wrote:

> i don't think it's so obvious.
> 
> to define a kauth action, we need to figure out
> why sticopen should be prohibited.
> otherwise, we end up to have KAUTH_DRIVER_STICOPEN,
> which is a poor choice, IMO.

See below:

> besides, it can be done by listening more generic actions like "open".
> in that case, you want to pass vnode pointer or dev_t, so that listener
> can check if it's a "dangerous" device.

That's the idea. The list is just where we *currently* check for
the securelevel.

-e.

-- 
Elad Efrat