Subject: Re: CVS commit: src/sys/secmodel/bsd44
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 10/12/2006 11:29:10
YAMAMOTO Takashi wrote:
>>> what's the semantics of it? "can access any disks"?
>> Well, I was thinking the semantics should be the "worse case" because we
>> don't really know anything more than that raw disk access was required
>> and the access modes -- we can't tell if it's mounted or not, etc.
>
> i agree.
> and it's why i don't think it's a good idea.
> it's better to require caller to specify a device.
The thing is, a device/vnode may not always be available from the
calling context, especially if the direct disk/memory access is indirect
and may happen later. When I added that generic policy, what I had in
mind are some drivers that allow that sort of access, but don't have
any specific disk associated with the call itself.
Try 'grep -r securelevel src/sys/dev/'...
-e.
--
Elad Efrat