Proposal for redesigning the TTY layer
Poul-Henning Kamp
phk at phk.freebsd.dk
Thu Feb 14 02:12:54 PST 2008
In message <20080214100840.GQ1340 at hoeg.nl>, Ed Schouten writes:
>> Move prison checks into devfs
>>
>> They do not belong in DEVFS, since that would require DEVFS to know
>> far more about the device semantics if the individual drivers than
>> it ever should.
>>
>> You can put it in the generic tty layer if you want, that would be
>> emminently sensible, but DEVFS is the wrong place for it.
>
>The reason why I was thinking about this, was because devfs already
>stores per-device credentials (see cdevsw's si_cred field). Say, we want
>to expose other resources through devfs (/dev/shm/..., etc), we could
>also prevent access from other prisons there as well.
The problem is that you need to tie several cdevs together in a way
devfs can see, pts%d to ptm%d and so on.
That level of visibility into the device' internal workings is
complex to provide in devfs, if nothing else for locking reasons,
and it is trivial to implemented in the relevant device driver,
where all of the tied devices are very likely have shared softc
data structure and locking.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-arch
mailing list