Hi,

On Fri, Feb 19, 2010 at 6:37 AM, Matthias Drochner <m.droch...@fz-juelich.de> wrote:
>
> e...@netbsd.org said:
>> > (cannot be cleared at securelevel>0)
>> I was wondering how you achieved that without modifying any of the
>> secmodel code itself
>
> Well, that's the problem with kauth: If it needs code changes
> for each simple check added in other parts of the kernel, it
> thwarts modularity and extensibility.
> There is some abstraction missing.

lol,

>> Who's going to take care of that XXX referring to the use of an
>> undocumented action, meant to be used only in file-systems?
>
> I did circulate the patch a couple of days ago and raised
> exactly that question. You should have read it.
> (The semantics of the CHSYSFLAGS check is actually similar
> to the va0_disable one: It basically means: you are not
> allowed to weaken security related mechanisms at seclevel>0.)

rofl.

take care,

-e.