On 13 Mar 2008, at 18:04, Bill Sommerfeld wrote:
> On Wed, 2008-03-12 at 18:11 -0800, Gary Winiger wrote:
>> The deallocation process (and in TX the allocation process)
>> runs the "device clean" program.
>
> device_allocate(4) doesn't mention anything run at deallocation time.
> It mentions a "device-exec" program invoked by allocate(1).
> Do we have a man page bug, or a more serious problem?

    device-exec
        The physical device's data purge program to be run any
        time the device is acted on by allocate(1). This ensures
        that all usable data is purged from the physical device
        before it is reused. This field contains the filename of
        a program in /etc/security/lib or the full pathname of a
        cleanup script provided by the system administrator.

The device_allocate(4) manpage does seem incomplete. Looking at the
manpages for allocate(1) and deallocate(1), they do explain that it's
run both at allocation and deallocation. The page should probably be
updated to read "...any time the device is acted upon by allocate(1)
or deallocate(1)".

From the other manpages:

(allocate(1))

    When the system is configured with Trusted Extensions, allocate
    runs the clean program for the device before it grants
    access to the caller to that device. For devices with removable
    media that have a mountable file system, allocate
    mounts the media if the caller chooses.

(deallocate(1))

    The deallocate command frees an allocated device. It resets
    the ownership and permissions on all device special files
    associated with the device, disabling access to that device.
    deallocate runs the device cleaning program for that device
    as specified in device_allocate(4).

(man pages as shipped on S10 8/07)

Bart