From owner-freebsd-hackers  Fri Jul 30 17:56:51 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7774214D65; Fri, 30 Jul 1999 17:56:50 -0700 (PDT)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id RAA95155;
	Fri, 30 Jul 1999 17:55:15 -0700 (PDT)
	(envelope-from dillon)
Date: Fri, 30 Jul 1999 17:55:15 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199907310055.RAA95155@apollo.backplane.com>
To: Warner Losh <imp@village.org>
Cc: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>,
	"Brian F. Feldman" <green@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject: Re: So, back on the topic of enabling bpf in GENERIC... 
References: <9518.933378839@zippy.cdrom.com>   <199907302357.RAA85254@harmony.village.org>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

:In message <9518.933378839@zippy.cdrom.com> "Jordan K. Hubbard" writes:
:: > There are no security levels > 3.  I'd be happy with > 0.  This is
:: > consistant with the meaning of "raw devices".
:: 
:: Would you be willing to make this change?
:
:Yes.  I will make this change tomorrow unless there is significant
:objections that cannot be resolved in the mean time.
:
:Warner

    It seems to me quite reasonable to prevent further opens of bpf once
    the secure level has been raised above zero.  None of the devices using
    bpf appear to have a rebinding problem (e.g. as opposed to named running
    as non-root), so this would fit in well.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message