On Fri, Jun 11, 2021 at 09:16:46AM -0600, Theo de Raadt wrote:
> Dave Voutila <d...@sisu.io> wrote:
>
> > Theo de Raadt writes:
> >
> > > Regarding the vmm chunk -- as I said in my other reply, these
> > > explanations are too precise. They risk becoming outdated as things
> > > change. Furthermore, some of those ioctl may work in one way, but not
> > > another way. Which would be too complicated to describe also. I urge
> > > simple messaging:
> > >
> > > .It Va vmm
> > > Operations required by
> > > .Xr vmd 8 .
> > >
> > > It is accurate. If someone later wanted to use those operations, they
> > > would figure it out by reading kernel and vmd source.
> >
> > I agree simpler is better. The actual ioctls are documented in vmm.4 and
> > this is currently an all-or-nothing thing. You either get to perform all
> > operations on the vmm(4) device or none.
>
> What you just said is the truth. But once you put it in a manual page,
> in the future the code may change, and some ioctl might be exposed
> without "vmm"..... it is better to be vague.
>

Agreed, simpler is better in the pledge docs.