Date: Mon, 2 Jun 2025 21:51:21 -0700 From: "Simon J. Gerraty" <sjg@juniper.net> To: Kyle Evans <kevans@FreeBSD.org> Cc: <src-committers@FreeBSD.org>, <dev-commits-src-all@FreeBSD.org>, <dev-commits-src-main@FreeBSD.org>, <sjg@juniper.net> Subject: Re: git: 61d77e6c0095 - main - loader: allow for exceptions to restricted settings. Message-ID: <74857.1748926281@kaos.jnpr.net> In-Reply-To: <24533e37-2396-40ef-ba84-a5339b811527@FreeBSD.org> References: <202506020549.5525nuDu054998@gitrepo.freebsd.org> <24533e37-2396-40ef-ba84-a5339b811527@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Kyle Evans <kevans@FreeBSD.org> wrote: > > loader: allow for exceptions to restricted settings. > > > > We restrict what an unverified loader.conf etc can set, > > and the same restrictions are applied to interactive input. > > We need to allow for exceptions (eg boot_verbose). > > It is best if any allowed settings match up to '='. > > > > If we do not allow it to be set, do not allow it to be unset > > > > Reviewed by: stevek > > Sponsored by: Juniper Networks, Inc. > > --- > Long-term, we should probably work out something that can work for > lualoader, too. We use setenv() there directly rather than adding a > layer of indirection through the command-line parser. Ideally this sort of list should be configurable via a .4th or .lua file (verified of course ;-) But if you use setenv directly - that would have to be where the restrictions are implemented? Indirection can solve many problems.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?74857.1748926281>