From owner-freebsd-hackers@FreeBSD.ORG Wed Jan 24 13:23:07 2007
From: "Andrew N. Below"
To: Max Laier, freebsd-hackers@freebsd.org
Date: Wed, 24 Jan 2007 16:23:03 +0300
Subject: Re: how to deny reading of several sysctls (for a set of uids, f.e.)
In-Reply-To: <200701231410.25946.max@love2party.net>
References: <082f01c73ee3$c6b3f810$970da8c0@jam.zenon.net> <200701231410.25946.max@love2party.net>
List-Id: Technical Discussions relating to FreeBSD

On Tue, 23 Jan 2007 14:10:19 +0100 Max Laier wrote:

[..]
> td->td_proc->p_ucred has the user credentials. You probably want to do
> your checks in userland_sysctl() according to the comment just above.

Thanks, it is really what I need.

Now I have one more question. I made the kernel object with one check-function and all works fine from userland via syscall(). Is there a documented possibility to use syscalls _inside_ kernel code?

In other words, I need to call the function located in a loadable kernel object from the kernel, doesn't matter how this would be done (syscall, etc). My goal is to avoid kernel rebuilding each time after function modification. Is it possible?

--
Andrew N. Below