On Thu, Jan 01, 2015 at 08:34:44PM +0000, Alexander Nasonov wrote: > > Perhaps having a sysctl to enable/disable it that can only be enabled > > at a low securelevel can let people choose the behavior they want. > > I implemented it, see below, but I feel it's not right to query > securelevel directly, adding new KAUTH_SYSTEM_BPFJIT would be > a better approach. Not sure it's worth the effort.
Until we manage to retire kauth I think we'd better keep its abstraction barriers in place, such as they are. :-/ -- David A. Holland [email protected]
