> > sorry, i think i missed the previous discussion.
quoted text
> > can you give me a pointer to it?  was it in this thread?
> > i'm not sure what's "custom knobs".
> 
> Sure, my post on this is available at:
> 
> http://mail-index.netbsd.org/tech-security/2006/01/26/0004.html
> 
> (it basically suggested that if the admin is interested, he can choose
> to have multiple knobs that each controls a different aspect of what
> the single kern.securelevel knob controls today)

thanks.
it sounds like an orthogonal topic to me.
you can always have a listener to check "costum knobs".
(or coalesce it with another listener, if it turns out that
the number of listeners is "critical".)

quoted text
> Do you have suggestions for what other scopes we might want
> to introduce to cover the other aspects of securelevel?

- "lkm" scope?
- "vfs namespace" scope for mount/unmount/etc?
- "machdep" scope?
- "specfs" scope for kmem and raw device?
- "immutable bit" thing should be a part of FILEOP or VNODE scope, maybe.
- misc things might be a part of existing "generic" scope.

it might not be worth to have fine-grained scopes for
slow operations like lkm and mount.

i don't think it's necessary to hurry up to create
scopes for this purpose because there's no need to convert
all securelevel checks at once.
it might be better to create scopes necessary for things currently using
suser first, and see if each aspects of securelevel fit into them,
because the former is more primary user of kauth.
(or wait for apple defining scopes. :-)

YAMAMOTO Takashi