Date: Thu, 25 Oct 2001 02:19:11 -0700 (PDT) From: John Baldwin <jhb@FreeBSD.org> To: Robert Watson <rwatson@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: RE: cvs commit: src/sys/sys socketvar.h Message-ID: <XFMail.011025021911.jhb@FreeBSD.org> In-Reply-To: <Pine.NEB.3.96L.1011025090834.58424C-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 25-Oct-01 Robert Watson wrote: > > On Wed, 24 Oct 2001, John Baldwin wrote: > >> >> On 25-Oct-01 Robert Watson wrote: >> > rwatson 2001/10/24 19:03:37 PDT >> > >> > Modified files: >> > sys/sys socketvar.h >> > Log: >> > o Remove extern showallsockets, defunct as of the change to >> > kern.security.seeotheruids_permitted. This was missed in the >> > commit that made this change elsewhere. >> >> As a somewhat unrelated sidenote: can you trim the name of that sysctl >> to kern.security.seeotheruids, or perhaps to >> kern.security.see_other_uids (which is easier on my eyes at least). It >> would seem that the '_permitted' is redundant and not needed just as the >> old ps syctl was ps_showallprocs, not ps_showallprocs_permitted. > > The theory was I would append _approved and _permitted to fields in > kern.security based on whether the corresponded to feature availability, > or a policy decision. I agree that the current names are unwieldy, but am > not yet sure I know what the right names should be. My temptation was to > stick in an additional name, specifying the policy being modified, and > trim the _whatever: > > kern.security.bsd.see_all_uids > kern.security.bsd.unprivileged_proc_debug > kern.security.bsd.suser_enabled > > This would allow other stuff to be slotted in dynamically when other > policies are active: > > kern.security.cap.cap_enabled > kern.security.cap.global_bound > > kern.security.mac.biba_enabled > kern.security.mac.mls_enabled > kern.security.mac.suser_overrides > > Does this seem more seemly to you? Sure. I'd be tempted to call it kern.security.unix instead of kern.security.bsd, but that would get us in trouble. :) -- John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/ PGP Key: http://www.baldwin.cx/~john/pgpkey.asc "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.011025021911.jhb>