> > 3) There should be capability to optionally install filter the raw
> > device command interface. The filter is built into the kernel at
> > compile-time, but can also be disabled at boot time.
>
> This is the part I really don't like.
>
> Thinking like a sysadmin, I want to be able to run programs that I would
> not allow my users to run or want to be run accidentally. And I do _not_
> want to reboot my kernel just because one of my mirrored disks died, I
> hot-replaced it, and I notice that I need to upgrade the firmware on the
> thing to make it play nice with the other disks in the array.
>
> See? A setup that either allows everything or nothing is fundamentally
> flawed in this kind of situation - suddenly I as a sysadmin cannot do
> something without bringing the machine down. Which makes all the hotplug
> interfaces useless - or then I as a sysadmin just have to leave a kernel
> in place that allows the kinds of raw command accesses that I am so scared
> of.
Good example. (I even implemented something of that sort for downloading
new firmware for Maxtor SCSI drives back when the 1G Panther was a brandy
spanky new thing. I never distributed it and have no plans of doing so.
Amigans as a rule are not good candidates for having such code on hand. The
average Linux SysAdmin should be a few dB smarter and more careful. I don't
think it would be a good thing to force multiple reboots in the situation
you cite. And it does happen.)
{^_^} Joanne Dow
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/