tech-kern archive
re: secmodel_securelevel(9) and machdep.svs.enabled
Maxime Villard writes:
> On 25/04/2018 at 19:47, Alexander Nasonov wrote:
> > Alexander Nasonov wrote:
> >> Alexander Nasonov wrote:
> >>> When securelevel is set, should we lock the 1->0 change for
> >>> machdep.svs.enabled (and possibly for other sysctls related
> >>> to recent security mitigations)?
> >>
> >> Can I commit the attached patch? (doc update will follow)
> >
> > If I don't hear any objections, I will commit the patch soon and
> > I will request a pullup to netbsd-8.
it's the right idea to me.
> > Alex
>
> Yes, it's fine. I've never taken care of securelevel, but your change
> can't be incorrect. Perhaps I would use just KAUTH_MACHDEP_SVS instead
> of KAUTH_MACHDEP_SVS_DISABLE, in case another operation gets added in
> the future, but that doesn't matter.
i considered this idea -- plain SVS would have to not include
ENABLE, which doesn't seem right. perhaps another generic
name that implies !enable would work.
.mrg.