matthew green wrote:
>    
>    > they behave differently only when all listeners are unloaded.
>    > in that case i'm not sure what's a desired behaviour.
>    
>    Question is this: after listeners *are* loaded, and then *unloaded*,
>    and we end up with a system that used to have them but now don't --
>    do we want to give someone a chance to fix this, or remain
>    dysfunctional?
> 
> 
> if someone breaks their system like this, i think that is their
> problem.  we want to fail closed and this seems the best way.

So a boolean should be enough, to just mark "listeners were loaded".

In kauth_authorize_action() we'll simply check for this flag if the
scope has no listeners. If it's TRUE, we'll fail the request, otherwise
allow it.

Accepted?

-e.

-- 
Elad Efrat