Subject: Re: CVS commit: [elad-kernelauth] src/sys
To: YAMAMOTO Takashi <firstname.lastname@example.org>
From: Jason Thorpe <email@example.com>
Date: 03/08/2006 09:06:16
On Mar 8, 2006, at 1:55 AM, YAMAMOTO Takashi wrote:
>>> - how about providing suser() as a wrapper of
>>> KAUTH_GENERIC_ISSUSER? (for now?)
>> There are no more calls to suser() in this branch, why add them
> because it's used often enough and easier to read?
Darwin also provides an suser(), but it carries caveats:
1- It is not implemented as a wrapper around KAUTH_GENERIC_ISSUSER
2- It is marked as "going away".
Also note that the Darwin KAUTH_GENERIC_ISSUSER does NOT take the
accounting flags argument, and thus does not set ASU. I think we
should try to stick to the Darwin KPI as much as possible, so I think
we should also skip the accounting flags argument for
KAUTH_GENERIC_ISSUSER. If we still want to set ASU, then we need to
find another way to do it.
> i think it's better to make it static and
> move process_authorize to kern_auth.c.
> also, for the same reason, function names in the TN
> (kauth_authorize_process/kauth_authorize_generic) are better
> than what you chose, IMO.
Yes, I think we should keep as close to Darwin's KPI as possible, in
(Note, they did something different for the vnode scope [which we
don't have yet], naming it vnode_authorize(), sigh...)