From: John Baldwin
To: Ilya Bakulin
Cc: Alexander Leidinger, soc-status@freebsd.org
Date: Mon, 14 Jun 2010 16:36:02 -0400
Subject: Re: [Status update] sysctlreg project

On Monday 14 June 2010 4:03:24 pm Ilya Bakulin wrote:
> On Mon, 14 Jun 2010 08:55:53 -0400
> John Baldwin wrote:
>
> > > This week (14.06 -- 21.06) I will continue to add more and more FEATUREs. My
> > > plan is to finish adding Netgraph-related features by the end of this week.
> > > Also I plan to do some research work to understand how to handle sysctl change
> > > attempts in the kernel. This will be required to implement sysctl change
> > > handler.
> >
> > Hmm, what are you planning to do in regards to a sysctl change handler? I
> > believe the kern.feature.* sysctls should be read-only by design.
>
> There should be a way to change their state (to allow "spoof-off" of these values). In the simplest case, invoking "sysctl kern.feature.foo=0" should hide feature "foo", and it won't be listed any more, but "sysctl kern.feature.foo=1" should bring it back. Changing the state of these sysctls may only be allowed for root, and only if securelevel is lower than X (To Be Discussed).
> If such a scenario is possible, then it's not necessary to bring new entities in the base system, we'll use existing "sysctl" application.

Hmmm, is this spoofing a desired feature? If so, perhaps it should be done in
userland via environment options that affect the feature_present(3) API in
libc? (In that case you would write a little feature_present(1) util that
uses the userland API and use this instead of direct sysctls in ports, etc.)

-- 
John Baldwin
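
The userland approach suggested in the reply above, as an added example that is not code from this thread or from FreeBSD: a feature_present(1)-style utility that applies a "hide" mask from the environment before asking feature_present(3). The variable name FEATURE_HIDE, the function feature_visible() and the exit-status convention are assumptions; off FreeBSD a constructed stub stands in for the kernel query.

```c
/* FEATURE_HIDE and feature_visible() are hypothetical names (assumptions). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __FreeBSD__
#include <unistd.h>             /* feature_present(3) */
#else
/* Constructed stand-in so the example runs off FreeBSD: pretend the
 * kernel reports exactly these two features. */
static int feature_present(const char *name)
{
    return strcmp(name, "inet6") == 0 || strcmp(name, "netgraph") == 0;
}
#endif

/* Return 1 if name is a whole item of the comma-separated list. */
static int in_list(const char *list, const char *name)
{
    size_t n = strlen(name);

    while (n > 0 && *list != '\0') {
        size_t len = strcspn(list, ",");
        if (len == n && strncmp(list, name, n) == 0)
            return 1;
        list += len;
        if (*list == ',')
            list++;
    }
    return 0;
}

/* hide is the mask (may be NULL). The mask can only hide a feature; it never
 * reports one the kernel lacks, and the kernel's sysctl stays read-only. */
int feature_visible(const char *hide, const char *name)
{
    if (hide != NULL && in_list(hide, name))
        return 0;
    return feature_present(name);
}

/* Exit status 0 if the feature is visible, 1 if hidden or absent. */
int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s feature\n", argv[0]);
        return 2;
    }
    return feature_visible(getenv("FEATURE_HIDE"), argv[1]) ? 0 : 1;
}
```

Because the mask lives in the caller's environment, it affects only processes that inherit it, and no kernel state becomes writable, so the root and securelevel checks discussed for a sysctl change handler do not arise.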