Date: Wed, 31 Jan 2001 10:43:17 -0800 (PST)
From: John Baldwin <jhb@FreeBSD.org>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, Andrzej Bialecki <abial@webgiro.com>
Subject: Re: cvs commit: src/sys/dev/ata ata-disk.c
Message-ID: <XFMail.010131104317.jhb@FreeBSD.org>
In-Reply-To: <200101311528.KAA65294@khavrinen.lcs.mit.edu>

On 31-Jan-01 Garrett Wollman wrote:
> <<On Wed, 31 Jan 2001 10:19:57 +0100 (CET), Andrzej Bialecki
> <abial@webgiro.com> said:
>
>> Maybe what you want is the sysctl_add_oid(9)?
>
> No, sysctl(3) should not be used to control device drivers.  That is a
> job for ioctl(2).  sysctl(3) has (or should have) an all-or-nothing
> security model: either the user is privileged, and can do anything, or
> the user is not privileged, and can do nothing.  ioctl(2) provides for
> a better security model: whatever permissions the filesystem has for
> the device node in question.

This doesn't allow different ioctl's to have different permissions.  Using
ACL's on sysctl's (an interface for this can be gotten via a sysctlfs rather
easily now that we have ACL's for filesystems) does allow this level of
control.  Not to mention setting an arbitrary sysctl is quite easy via
sysctl(8), whereas I have to go write some program in C to do each kind of
ioctl(2) if I want to go tweak something.  Then I have to go hack /etc/rc to
make sure my custom program gets called early enough, or if it can wait, I
create a script to run my program and stick that script in
/usr/local/etc/rc.d/.  Or I make a one line change to /etc/sysctl.conf or to
/boot/loader.conf if it is a loader tunable that I want to be set early.

> -GAWollman

-- 

John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/