It seems to me that we have a bunch of details listing various GLDv3
network drivers in the device policy database. E.g., iprb, dnet, vnic,
vni, softmac, aggr, etc. are all listed in /dev/security/device_policy,
and many others are listed in /etc/minor_perm.

My belief, from reading the code, is that network devices need not be
listed in either location. The reason for that is that it would appear
that the code for GLDv3 ensures that the device's minor nodes are
registered as network devices (DN_NETWORK_DRIVER), and that the code for
devpolicy_find() has explicit handling for such devices:

    if (i != -1) {
        res = match_policy(devpolicy[i].t_ent, dev, spec);
        dphold(res);
    } else if (devfs_devpolicy(vp, &res) != 0) {
        res = NETWORK_DRV(maj) ? netpolicy : dfltpolicy;
        dphold(res);
    }

(Note that netpolicy above is specifically priv_net_rawaccess. :-)

Hence, wouldn't it be better to clean up the class action scripts for
i.minor_perm and i.devpolicy to eliminate all the GLDv3 drivers from the
listing?

Am I missing some other reason that such devices should be listed in
either /etc/minor_perm or /etc/security/device_policy?

-- Garrett