>
> > It seems to me that we have a bunch of details listing various GLDv3
> > network drivers in the device policy database. E.g., iprb, dnet, vnic,
> > vni, softmac, aggr, etc. are all listed in /dev/security/device_policy,
> > and many others are listed in /etc/minor_perm.
> >
> > My belief, from reading the code, is that network devices need not be
> > listed in either location. The reason for that is that it would appear
> > that the code for GLDv3 ensures that the device's minor nodes are
> > registered as network devices (DN_NETWORK_DRIVER), and that the code for
> > devpolicy_find() has an explicit handling for such devices:
> >
> >     if (i != -1) {
> >         res = match_policy(devpolicy[i].t_ent, dev, spec);
> >         dphold(res);
> >     } else if (devfs_devpolicy(vp, &res) != 0) {
> >         res = NETWORK_DRV(maj) ? netpolicy : dfltpolicy;
> >         dphold(res);
> >     }
> >
> >
> > (Note that netpolicy above is specifically priv_net_rawaccess. :-)
> >
> > Hence, wouldn't it be better to clean up the class action scripts for
> > i.minor_perm and i.devpolicy to eliminate all the GLDv3 drivers from the
> > listing?
> >
> > Am I missing some other reason that such devices should be listed in
> > either /etc/minor_perm or /etc/security/device_policy?
>
> I agree, it looks like the /etc files can be simplified. I've CC'd Jerry
> Gilliam for confirmation since it seems his integration of 4731567 is what
> added the code you quoted above in devpolicy_find().
>
Coming into this discussion at this point, yes, I think you're
right. The permissions in minor perm and device_policy are
applied dynamically when a corresponding device is opened,
and for devices for which those never apply, any such entries
would be irrelevant.
-jg
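As an added illustration (not code from this thread or from OpenSolaris), the Python below models the devpolicy_find() fallback quoted above against a constructed /etc/security/device_policy excerpt and lists the GLDv3 entries that merely restate the net_rawaccess fallback. The file contents, the GLDV3_DRIVERS set (the driver names mentioned in the thread), the "none" spelling of the default policy and the omission of the devfs_devpolicy() step are all assumptions.

```python
"""Model of the devpolicy_find() fallback discussed in the thread.
Added example; not OpenSolaris code. Minor matching is simplified to
an exact minor name or '*', and the devfs_devpolicy() lookup is skipped."""

# Constructed excerpt in /etc/security/device_policy syntax (not a real file).
DEVICE_POLICY = """\
# constructed sample: driver:minor followed by property=value pairs
ip:*        read_priv_set=net_rawaccess     write_priv_set=net_rawaccess
iprb:*      read_priv_set=net_rawaccess     write_priv_set=net_rawaccess
aggr:*      read_priv_set=net_rawaccess     write_priv_set=net_rawaccess
audio:*     read_priv_set=none              write_priv_set=none
"""

# Drivers whose minor nodes GLDv3 registers as DN_NETWORK_DRIVER (names from the thread).
GLDV3_DRIVERS = {"iprb", "dnet", "vnic", "vni", "softmac", "aggr"}

# netpolicy is priv_net_rawaccess; dfltpolicy modelled here as requiring no privilege.
NETPOLICY = {"read_priv_set": "net_rawaccess", "write_priv_set": "net_rawaccess"}
DFLTPOLICY = {"read_priv_set": "none", "write_priv_set": "none"}


def parse_device_policy(text):
    """Return {(driver, minor): {property: value}} for each non-comment line."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        dev, *props = line.split()
        drv, _, minor = dev.partition(":")
        table[(drv, minor or "*")] = dict(p.split("=", 1) for p in props)
    return table


def effective_policy(table, driver, minor, network_drivers=GLDV3_DRIVERS):
    """Mirror the quoted branch: an explicit entry wins (i != -1); otherwise a
    network driver falls back to netpolicy and everything else to dfltpolicy."""
    for key in ((driver, minor), (driver, "*")):
        if key in table:
            return table[key]
    return NETPOLICY if driver in network_drivers else DFLTPOLICY


def redundant_entries(table, network_drivers=GLDV3_DRIVERS):
    """GLDv3 entries whose policy equals the netpolicy fallback, i.e. removable."""
    return sorted(f"{d}:{m}" for (d, m), props in table.items()
                  if d in network_drivers and props == NETPOLICY)
```

Removing the entries that redundant_entries() reports leaves effective_policy() unchanged for those drivers, which is the cleanup the thread proposes.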
_______________________________________________
networking-discuss mailing list
[email protected]