From owner-freebsd-current@FreeBSD.ORG  Thu May 29 10:09:39 2014
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 89385F8F
 for <freebsd-current@freebsd.org>; Thu, 29 May 2014 10:09:39 +0000 (UTC)
Received: from frv189.fwdcdn.com (frv189.fwdcdn.com [212.42.77.189])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 41D7726D5
 for <freebsd-current@freebsd.org>; Thu, 29 May 2014 10:09:38 +0000 (UTC)
Received: from [10.10.1.30] (helo=frv196.fwdcdn.com)
 by frv189.fwdcdn.com with esmtp ID 1Wpx1e-000Oo2-VF
 for freebsd-current@freebsd.org; Thu, 29 May 2014 12:53:30 +0300
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ukr.net;
 s=ffe; 
 h=Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Message-Id:To:Subject:From:Date;
 bh=rCbqfQcrjHt0/AIQp9gTM5826GOAF14ChYnVf57bVLw=; 
 b=CHc/nZz5+wGBgQcztXnJFwcTveBFcqvucKlRCsr/xedvNyRSBOaS7dbi5Pa0slZpsa8p1WdvH4sWw/UR4g9MJYrkzlJWU9E0LE10NXJHXuC5H8AYiaJeUiEPua6NWNwrco97zkOLQiQuzZA9BcFyD9GcyUVXBvIPJknL7cZLwSI=;
Received: from [10.10.10.45] (helo=frv45.fwdcdn.com)
 by frv196.fwdcdn.com with smtp ID 1Wpx1S-000PUk-3w
 for freebsd-current@freebsd.org; Thu, 29 May 2014 12:53:18 +0300
Date: Thu, 29 May 2014 12:53:17 +0300
From: Vladimir Sharun <atz@ukr.net>
Subject: Re[2]: gpart destroy, zpool destroy, zfs destroy under securelevel 3
To: Current FreeBSD <freebsd-current@freebsd.org>
X-Mailer: mail.ukr.net 5.0
Message-Id: <1401357052.818428607.9yey1nqq@frv45.fwdcdn.com>
In-Reply-To: <5386FDC7.3020806@yandex.ru>
References: <1401109957.895077023.n4pnr8ak@frv45.fwdcdn.com>
 <5386EBC6.2090306@yandex.ru>
 <1401353579.467560473.vpvuu1e5@frv45.fwdcdn.com>
 <5386FDC7.3020806@yandex.ru>
MIME-Version: 1.0
Received: from atz@ukr.net by frv45.fwdcdn.com; Thu, 29 May 2014 12:53:17 +0300
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: binary
Content-Disposition: inline
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 May 2014 10:09:39 -0000

Hello,

> Ok, you are right. But geom_dev restricts access only from user level
> applications. When GEOM object does access directly via GEOM methods
> this protection won't work. And it seems it isn't easy to fix, all
> classes should have own check.

Thank you for better clarification. This is the goal I mentioned in
first email: GEOM & ZFS layers/subsystems are securelevel ignorant.