Re: secmodel_securelevel(9) and machdep.svs.enabled

To: Alexander Nasonov <alnsn%yandex.ru@localhost>
Subject: Re: secmodel_securelevel(9) and machdep.svs.enabled
From: Maxime Villard <max%m00nbsd.net@localhost>
Date: Wed, 25 Apr 2018 22:00:02 +0200

Le 25/04/2018 à 19:47, Alexander Nasonov a écrit :

Alexander Nasonov wrote:

Alexander Nasonov wrote:

When securelevel is set, should be lock 1->0 change for
machdep.svs.enabled (and possibly for other sysctls related
to recent security mitigations)?


Can I commit the attached patch? (doc update will follow)


If I don't hear any objections, I will commit the patch soon and
I will request a pullup to netbsd-8.

Alex


Yes, it's fine. I've never taken care of securelevel, but your change
can't be incorrect. Perhaps I would use just KAUTH_MACHDEP_SVS instead
of KAUTH_MACHDEP_SVS_DISABLE, in case another operation gets added in
the future, but that doesn't matter.

Maxime

Follow-Ups:
- Re: secmodel_securelevel(9) and machdep.svs.enabled
  - From: Alexander Nasonov
- re: secmodel_securelevel(9) and machdep.svs.enabled
  - From: matthew green

References:
- secmodel_securelevel(9) and machdep.svs.enabled
  - From: Alexander Nasonov
- Re: secmodel_securelevel(9) and machdep.svs.enabled
  - From: Alexander Nasonov
- Re: secmodel_securelevel(9) and machdep.svs.enabled
  - From: Alexander Nasonov

Prev by Date: Re: secmodel_securelevel(9) and machdep.svs.enabled
Next by Date: re: secmodel_securelevel(9) and machdep.svs.enabled
Previous by Thread: Re: secmodel_securelevel(9) and machdep.svs.enabled
Next by Thread: re: secmodel_securelevel(9) and machdep.svs.enabled
Indexes:

Home | Main Index | Thread Index | Old Index