> It seems to me that we have a bunch of details listing various GLDv3
> network drivers in the device policy database. E.g., iprb, dnet, vnic,
> vni, softmac, aggr, etc. are all listed in /dev/security/device_policy,
> and many others are listed in /etc/minor_perm.
>
> My belief, from reading the code, is that network devices need not be
> listed in either location. The reason for that is that it would appear
> that the code for GLDv3 ensures that the device's minor nodes are
> registered as network devices (DN_NETWORK_DRIVER), and that the code for
> devpolicy_find() has an explicit handling for such devices:
>
>     if (i != -1) {
>         res = match_policy(devpolicy[i].t_ent, dev, spec);
>         dphold(res);
>     } else if (devfs_devpolicy(vp, &res) != 0) {
>         res = NETWORK_DRV(maj) ? netpolicy : dfltpolicy;
>         dphold(res);
>     }
>
> (Note that netpolicy above is specifically priv_net_rawaccess. :-)
>
> Hence, wouldn't it be better to clean up the class action scripts for
> i.minor_perm and i.devpolicy to eliminate all the GLDv3 drivers from the
> listing?
>
> Am I missing some other reason that such devices should be listed in
> either /etc/minor_perm or /etc/security/device_policy?
I agree, it looks like the /etc files can be simplified. I've CC'd Jerry
Gilliam for confirmation since it seems his integration of 4731567 is what
added the code you quoted above in devpolicy_find().
--
meem
_______________________________________________
networking-discuss mailing list
[email protected]