Subject: Re: CVS commit: src/sys/secmodel/bsd44
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 10/12/2006 15:56:36
On Thu, Oct 12, 2006 at 06:23:42PM +0900, YAMAMOTO Takashi wrote:
> > > what are the semantics of it? "can access any disks"?
> >
> > Well, I was thinking the semantics should be the "worst case" because we
> > don't really know anything more than that raw disk access was required
> > and the access modes -- we can't tell if it's mounted or not, etc.
>
> I agree.
> and it's why I don't think it's a good idea.
> it's better to require caller to specify a device.
I agree. Preserving the old securelevel 1 semantics would seem to require
this, no?
Those semantics _should_ allow read/write access to unmounted devices
while protecting the TCB, so it would be nice to be able to keep them.
--
Thor Lancelot Simon tls@rek.tjls.com
"We cannot usually in social life pursue a single value or a single moral
aim, untroubled by the need to compromise with others." - H.L.A. Hart
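As an added illustration of the point the thread is making (this is example code written for this page, not NetBSD's secmodel or kauth code, and not by the thread's authors): a small user-space model of the securelevel decision. It assumes the documented 4.4BSD/NetBSD securelevel behaviour, that level 1 keeps the raw devices of mounted file systems read-only, level 2 keeps every raw disk read-only, and level 0 restricts nothing, and it uses a constructed mount table and plain strings as device identities. The per-device function can honour the old securelevel 1 semantics; the device-agnostic "can access any disks" function has to assume the worst case and so collapses level 1 into level 2.

```c
/*
 * Added example modelling the securelevel raw-disk policy discussed above.
 * Not NetBSD code. Assumed rules:
 *   level <= 0: no restriction
 *   level  1:   raw devices of mounted file systems are read-only
 *   level >= 2: every raw disk device is read-only, mounted or not
 * The mount table below is constructed for the example.
 */
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define RAW_READ  0x1
#define RAW_WRITE 0x2

/* Constructed mount table standing in for the kernel's mount list. */
static const char *const mounted_devs[] = { "/dev/rwd0a", "/dev/rwd0e" };

static bool
is_mounted(const char *dev)
{
	size_t i;

	for (i = 0; i < sizeof mounted_devs / sizeof mounted_devs[0]; i++)
		if (strcmp(mounted_devs[i], dev) == 0)
			return true;
	return false;
}

/*
 * Caller names the device, so the policy can tell mounted from unmounted.
 * This is what preserving securelevel 1 semantics needs.
 */
bool
raw_access_allowed(int securelevel, const char *dev, int mode)
{
	if ((mode & RAW_WRITE) == 0)
		return true;			/* raw reads are never restricted */
	if (securelevel >= 2)
		return false;			/* every disk is read-only */
	if (securelevel >= 1)
		return !is_mounted(dev);	/* only mounted disks are protected */
	return true;
}

/*
 * Device unknown ("can access any disks"): the policy must assume the worst
 * case, that some target is mounted, so a level-1 write must be denied
 * exactly as at level 2, and unmounted devices lose their write access.
 */
bool
raw_access_allowed_any(int securelevel, int mode)
{
	if ((mode & RAW_WRITE) == 0)
		return true;
	return securelevel < 1;
}

int
main(void)
{
	const char *const devs[] = { "/dev/rwd0a", "/dev/rwd1a" };	/* mounted, unmounted */
	int lvl;

	for (lvl = 0; lvl <= 2; lvl++) {
		size_t i;

		for (i = 0; i < 2; i++)
			printf("securelevel %d write %-10s per-device=%d any-disk=%d\n",
			    lvl, devs[i],
			    raw_access_allowed(lvl, devs[i], RAW_WRITE),
			    raw_access_allowed_any(lvl, RAW_WRITE));
	}
	return 0;
}
```

Running it shows the only row where the two decisions differ: at securelevel 1 a write to the unmounted /dev/rwd1a is allowed by the per-device check and denied by the device-agnostic one, which is the loss of semantics the thread is arguing against.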