Subject: Re: kauth machdep actions (Re: CVS commit: src)
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 12/26/2006 19:17:23

> attached is a diff that:
> - removes 'enum kauth_machdep_req' and any use of it
>
> - moves requests a level up, making them all actions:
> KAUTH_MACHDEP_IOPERM_GET
> KAUTH_MACHDEP_IOPERM_SET
> KAUTH_MACHDEP_IOPL
> KAUTH_MACHDEP_LDT_GET
> KAUTH_MACHDEP_LDT_SET
> KAUTH_MACHDEP_MTRR_GET
> KAUTH_MACHDEP_MTRR_SET
> KAUTH_MACHDEP_UNMANAGEDMEM
>
> - converts sys/arch/* code to use the above.
>
> - adapts secmodel code to the changes, unifying the security policy
> for them:
> KAUTH_MACHDEP_IOPERM_GET - allow always
> KAUTH_MACHDEP_IOPERM_SET - superuser, securelevel < 1 only
> KAUTH_MACHDEP_IOPL - superuser, securelevel < 1 only
> KAUTH_MACHDEP_LDT_GET - allow always (new action)
> KAUTH_MACHDEP_LDT_SET - allow always (new action)
> KAUTH_MACHDEP_MTRR_GET - allow always (*)
> KAUTH_MACHDEP_MTRR_SET - superuser only
> KAUTH_MACHDEP_UNMANAGEDMEM - superuser, securelevel < 0 only (*)
>
> notes:
> * amd64 code for netbsd32 emulation used to deny MTRR_GET for non-root
> users. I assumed this was a copy/paste error, so the new policy
> always allows MTRR_GET.
>
> * access to unmanaged memory was unified, to check both superuser and
> securelevel. some ports (sun3, hp300, see my original message about
> that) are still not checking either -- these are subject to future
> work, shall we decide to adapt them to the said policy.
>
> please review; if we'll be doing this, it should go to netbsd-4 too.
>
> -e.

seems reasonable to me.

YAMAMOTO Takashi
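
The policy table quoted above, modelled as a user-space decision function to show how the superuser and securelevel checks combine per action. This is an added example, not code from the thread, the attached diff or NetBSD's secmodel sources; `machdep_decide`, the `decision` enum, the enum's numeric values and the defer-on-unknown default are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stdio.h>

/* Action names are the ones listed in the proposal; the numeric values
 * here are arbitrary and belong to this model only. */
enum machdep_action {
    KAUTH_MACHDEP_IOPERM_GET, KAUTH_MACHDEP_IOPERM_SET, KAUTH_MACHDEP_IOPL,
    KAUTH_MACHDEP_LDT_GET, KAUTH_MACHDEP_LDT_SET,
    KAUTH_MACHDEP_MTRR_GET, KAUTH_MACHDEP_MTRR_SET,
    KAUTH_MACHDEP_UNMANAGEDMEM, MACHDEP_ACTION_COUNT
};

enum decision { ALLOW, DENY, DEFER };

/* Hypothetical helper: decide one request from the caller's effective uid
 * and the system securelevel, following the policy table in the message. */
enum decision machdep_decide(int action, unsigned euid, int securelevel)
{
    bool superuser = (euid == 0);

    switch (action) {
    case KAUTH_MACHDEP_IOPERM_GET:
    case KAUTH_MACHDEP_LDT_GET:
    case KAUTH_MACHDEP_LDT_SET:
    case KAUTH_MACHDEP_MTRR_GET:
        return ALLOW;                          /* allow always */
    case KAUTH_MACHDEP_IOPERM_SET:
    case KAUTH_MACHDEP_IOPL:
        return (superuser && securelevel < 1) ? ALLOW : DENY;
    case KAUTH_MACHDEP_MTRR_SET:
        return superuser ? ALLOW : DENY;       /* securelevel not consulted */
    case KAUTH_MACHDEP_UNMANAGEDMEM:
        return (superuser && securelevel < 0) ? ALLOW : DENY;
    default:
        return DEFER;  /* assumption: unknown actions are left to other listeners */
    }
}

int main(void)
{
    /* Constructed sample: root at securelevels -1, 0 and 1 for every action. */
    for (int a = 0; a < MACHDEP_ACTION_COUNT; a++)
        printf("action %d: sl=-1 %d  sl=0 %d  sl=1 %d\n", a,
            machdep_decide(a, 0, -1), machdep_decide(a, 0, 0),
            machdep_decide(a, 0, 1));
    return 0;
}
```

The boundary worth noting is that root at securelevel 0 may still use IOPL and IOPERM_SET but is already denied unmanaged memory access, which needs a securelevel below 0.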