On Mon, Dec 05, 2011 at 02:35:53PM -0500, Elad Efrat wrote: > What the new API allows is interaction between secmodels that are > built by people who are not part of NetBSD and don't want their > secmodel to become part of NetBSD but do want to take advantage of > features in secmodels provided by NetBSD.
That is simply not true. As I have explained in my reply to jym@ you basically provide the same functionality that is already available through the linker. And you want to provide more interaction between secmodels than that the secmodel_eval approach requires changing NetBSD secmodel code to add hooks to be called from 3rd party secmodel through secmodel_eval or adding code to NetBSD secmodel code to call hooks provided by 3rd party secmodels. Neither is possible without "becoming part of NetBSD" or using a source tree with private modifications. In the latter case secmodel_eval adds no value, however. --chris