On Fri, Apr 09, 2010 at 02:25:29PM +0200, Joerg Sonnenberger wrote: > On Fri, Apr 09, 2010 at 10:24:38AM +0000, Andrew Doran wrote: > > > I'm not sure I grasp how things like the filesystem or device scopes could > > > even really work if you can't make kauth calls with locks held. > > > > It cannot work without locks held in various places. > > What it should say is that kauth itself must not take locks.. > > That doesn't work either for the interesting advanced security models > either. E.g. an implementation of zones/jails must be able to protect > access to the global data structures.
Do you think authorization is the correct tool to implement the classic bits of zones/jails? I certainly don't. What other examples are there?
