[Status update] sysctlreg project
John Baldwin
jhb at freebsd.org
Mon Jun 14 20:50:01 UTC 2010
On Monday 14 June 2010 4:03:24 pm Ilya Bakulin wrote:
> On Mon, 14 Jun 2010 08:55:53 -0400
> John Baldwin <jhb at freebsd.org> wrote:
>
> > > This week (14.06 -- 21.06) I will continue to add more and more FEATUREs. My
> > > plan is to finish adding Netgraph-related features by the end of this week.
> > > Also I plan to do some research work to understand how to handle sysctl change
> > > attempts in the kernel. This will be required to implement sysctl change
> > > handler.
> >
> > Hmm, what are you planning to do in regards to a sysctl change handler? I
> > believe the kern.feature.* sysctls should be read-only by design.
>
> There should be a way to change their state (to allow "spoof-off" of these
> values). In the simplest case, invoking "sysctl kern.feature.foo=0" should
> hide feature "foo", and it won't be listed any more, but "sysctl
> kern.feature.foo=1" should bring it back. Changing the state of these sysctls
> may only be allowed for root, and only if securelevel is lower than X (To Be
> Discussed).
> If such a scenario is possible, then it's not necessary to bring new entities
> in the base system, we'll use existing "sysctl" application.

Hmmm, is this spoofing a desired feature? If so, perhaps it should be done in
userland via environment options that affect the feature_present(3) API in
libc? (In that case you would write a little feature_present(1) util that
uses the userland API and use this instead of direct sysctls in ports, etc.)
--
John Baldwin