e...@netbsd.org said: > > (cannot be cleared at securelevel>0) > I was wondering how you achieved that without modifying any of the > secmodel code itself
Well, that's the problem with kauth: If it needs code changes for each simple check added in other parts of the kernel, it twarts modularity and extensibility. There is some abstaction missing. > Who's going to take care of that XXX referring to the use of an > undocumented action, meant to be used only in file-systems? I did circulate the patch a couple of days ago and raised exactly that question. You should have read it. (The semantics of the CHSYSFLAGS check is actually similar to the va0_disable one: It basically means: you are not allowed to weaken security related mechanisms at seclevel>0.) best regards Matthias ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender), Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------