Date: Mon, 26 Nov 2001 22:37:21 -0800 (PST)
From: Matthew Jacob
To: Garrett Wollman
Cc: arch@FreeBSD.org
Subject: Re: Anybody working on devd?

Again, this seems wrong to me, but maybe I'm just lacking sleep right now.

It seems to me that permissions set by the driver are meaningless if you then
want the userland daemon to set 'real' policy- remember that there's a time
gap between creating the node (in the driver) and the userland daemon setting
the 'real' mode.

Seems to me that you should then go further (if the device driver isn't really
the owner of mode setting)- make this a ring system where drivers create nodes
that only other entities in the kernel see- but it becomes a userland devd
that makes them visible to the user applications. More like Solaris or the AIX
model (I *think* for the latter- just inferring from what I see from user
space - haven't seen AIX source code).

-matt

On Mon, 26 Nov 2001, Garrett Wollman wrote:

> In article <20011126230600$59b3@traf.lcs.mit.edu> you write:
>
> >It seems to me wrong to do 'adjustments'. Either you have a model that trusts
> >drivers to do the right thing when they call make_dev, or you don't.
>
> My site policy about what permissions certain device nodes should have
> should not, and in some cases probably cannot, be written directly
> into a device driver. The driver should use the most conservative
> possible settings -- in most cases, root:wheel/600 -- and let
> user-land code apply whatever policy is desired. We already have
> mechanisms for expressing some of that policy (e.g., /etc/fbtab) but
> it's not cognizant of transient devices. That's part of the problem
> which needs to be solved.
>
> -GAWollman
>
> --
> Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
> wollman@lcs.mit.edu  | O Siem / The fires of freedom
> Opinions not those of| Dance in the burning flame
> MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick
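
An added illustration of the time gap discussed in this thread, not code from either poster or from FreeBSD: it computes which permission bits a node would carry between creation by the driver and the moment a userland daemon applies site policy. The rule table, the group name `usb`, and the function names `resolve_policy` and `gap_exposure` are assumptions made for the example; only the root:wheel/600 default comes from the message above.

```c
#include <fnmatch.h>
#include <stddef.h>
#include <sys/types.h>

/* One site-policy rule: glob on the node name -> owner, group, mode. */
struct dev_rule {
    const char *pattern;
    const char *owner;
    const char *group;
    mode_t mode;
};

/* The conservative setting named in the thread: root:wheel/600. */
static const struct dev_rule driver_default = { "*", "root", "wheel", 0600 };

/* Constructed sample site policy (hypothetical rules, first match wins). */
static const struct dev_rule site_policy[] = {
    { "da[0-9]*", "root", "operator", 0640 },
    { "ugen*",    "root", "usb",      0660 },
};

/* Resolve policy for a node name; unmatched nodes keep the driver default. */
const struct dev_rule *resolve_policy(const char *name)
{
    size_t n = sizeof(site_policy) / sizeof(site_policy[0]);
    for (size_t i = 0; i < n; i++)
        if (fnmatch(site_policy[i].pattern, name, 0) == 0)
            return &site_policy[i];
    return &driver_default;
}

/*
 * Permission bits present during the window between node creation and
 * policy application that the final policy would NOT grant. Zero means
 * the window never exposes more than the site intended. Assumes the
 * driver creates the node owned by root:wheel, so only the mode bits
 * need comparing.
 */
mode_t gap_exposure(mode_t driver_mode, const char *name)
{
    return driver_mode & ~resolve_policy(name)->mode & 07777;
}
```

With a driver mode of 0600 the exposure is zero for every rule in the table; a driver that creates nodes 0666 leaves group-write and world read/write open on `da0` until the daemon runs.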