what's the use-case for disabling encrypted swap later?
i'd argue we should avoid kauth for this and simply disable
it always as i've been unable to think of any use case that
is the only solution.
.mrg.
> I think everybody believes that regardless of securelevel, root
> should be able to enable encrypted swap. But probably almost
> everyone thinks regular users should not be allowed to enable it.
(Throughout the following, I'm using "root" as shorthand for "a user
without suitable privilege".
Alexander Nasonov writes:
> Greg Troxel wrote:
>> Kamil Rytarowski writes:
>>
>> > Is it possible to avoid negation in the name?
>> >
>> > KAUTH_SYSTEM_ENABLE_SWAP_ENCRYPTION
>>
>> I think the point is to have one permission to enable it, which is
>> perhaps just regular root, and another to
Greg Troxel wrote:
> Kamil Rytarowski writes:
>
> > Is it possible to avoid negation in the name?
> >
> > KAUTH_SYSTEM_ENABLE_SWAP_ENCRYPTION
>
> I think the point is to have one permission to enable it, which is
> perhaps just regular root, and another to disable it if securelevel is
>