On Tue, Mar 09, 2010 at 12:57:49PM -0600, Eric Haszlakiewicz wrote:
> 
> This is already a problem with dkctl.

I can disable dkctl and rely on the kernel's autodiscovery of wedges.

> And anyway, jacking around with the
> userspace daemon is unnecessarily complicated: if you have sufficient access
> to do that, you probably have sufficient access to just change the symlink.

I want to be able to tell the kernel to mount a device reliably identified
by some kind of unique, symbolic name.  I want to be able to load a list
of permissible such names into the kernel while it's running insecure, and
restrict mounting to those and only those when it's running secure.

Relying on a userspace daemon for naming makes that impossible.

Thor
