Date: Tue, 15 Jun 2010 00:03:24 +0400 From: Ilya Bakulin <webmaster@kibab.com> To: John Baldwin <jhb@freebsd.org> Cc: Alexander Leidinger <Alexander@leidinger.net>, soc-status@freebsd.org Subject: Re: [Status update] sysctlreg project Message-ID: <20100615000324.3b089478@kibab.com> In-Reply-To: <201006140855.53558.jhb@freebsd.org> References: <20100614151113.17a1c368@kibab.com> <201006140855.53558.jhb@freebsd.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Mon, 14 Jun 2010 08:55:53 -0400 John Baldwin <jhb@freebsd.org> wrote: > > This week (14.06 -- 21.06) I will continue to add more and more FEATUREs. My > plan is to finish adding Netgraph-related features by the end of this week. > Also I plan to do some research work to understand how to handle sysctl change > attempts in the kernel. This will be required to implement systcl change > handler. > > Hmm, what are you planning to do in regards to a sysctl change handler? I > believe the kern.feature.* sysctls should be read-only by design. There should be a way to change their state (to allow "spoof-off" of these values). In the simpliest case, invoking "sysctl kern.feature.foo=0" should hide feature "foo", and it won't be listed any more, but "sysctl kern.feature.foo=1" should bring it back. Changing the state of these sysctls may only be allowed for root, and only if securelevel is lower than X (To Be Discussed). If such scenario is possible, then it's not nessesary to bring new entities in the base system, we'll use existing "sysctl" application. -- Regards, Ilya Bakulin http://kibab.com xmpp://kibab612@jabber.ru [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iEYEARECAAYFAkwWixMACgkQo9vlj1oadwgToQCfVcDIcH6g1Yhw7uwElkhylKrb XiIAn3enXfuuPqyeQSgwQ6AeEJMmcquG =3WT0 -----END PGP SIGNATURE-----home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100615000324.3b089478>