Greg Troxel wrote: > Kamil Rytarowski <n...@gmx.com> writes: > > > Is it possible to avoid negation in the name? > > > > KAUTH_SYSTEM_ENABLE_SWAP_ENCRYPTION > > I think the point is to have one permission to enable it, which is > perhaps just regular root, and another to disable it if securelevel is > elevated. > > So perhaps there should be two names, one to enable, one to disable.
Kauth is about security rather than speed or convenience. Disabling encryption may improve speed but it definitely degrades your security level. So, you can enable vm.swap_encrypt at any level but you can't disable it if you care about security. -- Alex