Jason Thorpe wrote:

> I definitely agree with Yamamoto-san here... we should use the  "reverse
> DNS name" convention as well (I would like more of our  subsystems that
> name things to use this convention, including  representing dependencies
> within things like config(8)).

Yeah, there was no good reason to do it the way I originally did so I
changed that earlier today.

> Also, please cite the TN in <sys/kauth.h>, 

Will do...

> and we should also  describe
> which routines are NetBSD extensions (either permanent new  parts of the
> KPI that we have created, or transitional things that  will eventually
> go away...)

Documentation is one thing I haven't touched at all... I would still
like to at least fix the major bug present (wrt/set-id binaries, I
suspect? maybe that's a hint? ;) but I'll definitely get to writing some
of it.

>> - how about providing suser() as a wrapper of  KAUTH_GENERIC_ISSUSER?
>> (for now?)
> I think providing an suser() wrapper would be a fine idea.

I have no problem making suser() work with the kernel authorization KPI
but, like I said in my other mail, I would like to not do that for now.
I'm not sure what concern this is (since I sync the code..) and it is my
hope to bury the concept of "root" at least in the kernel
implementation.

> I would like to thank Elad for picking up this ball and rolling with 
> it, after I nudged him in this direction.

No problem, thanks to you too. :)

-e.

-- 
Elad Efrat