Subject: Re: More pools
To: David Laight <david@l8s.co.uk>
From: Milos Urbanek <urbanek@openbsd.cz>
List: tech-kern
Date: 10/28/2003 21:08:18
On Tue, Oct 28, 2003 at 05:07:14PM +0000, David Laight wrote:
> 
> For credentials we should really merge the pcred and ucred (as used in kernel)
> structures into a single item.  They both have to change for a setuid
> binary anyway.
> (Note that the pcred is never shared - except possibly by irix).
>

This was already done in December 2002 by G. McGarry in his private branch.
I have used this branch while porting the TrustedBSD framework from
FreeBSD to NetBSD. Structs ucred and pcred are merged into struct ucred,
and ucred is allocated from the pool. I have been running a kernel with these
ucred modifications, and with some MAC modules enabled, for about 3 months now.

If there is some interest in the NetBSD community, I can provide
a rather big (13k lines) patch and some additional files, which add
the MAC framework functionality to NetBSD (+merged ucred/pcred).
However, someone has to spend some time reviewing and committing
those changes to the NetBSD tree (maybe we could start with some extra MAC
branch for now).
If someone is interested in this effort, please let me know.

- Milos

> IMHO we ought to support indefinite sized cr_groups - so a pool doesn't
> work.
> 
> I still think we should be fixing malloc() so that it is better than
> pool_alloc() though...
> 
> 	David
> 
> -- 
> David Laight: david@l8s.co.uk
