> > because it's used often enough and easier to read?
> 
> No. It is not used often. In fact, in the *elad-kernelauth* branch
> it is not used *at all*.
> 
> The whole idea is to, with time, change these KAUTH_GENERIC_ISSUSER
> to something else -- think capabilities, etc., and moving away from
> the "all or nothing" that has proved to be the weakest security
> model ever designed, IMO.

i agree.

i still don't understand how suser -> KAUTH_GENERIC_ISSUSER change
helps it, tho.

> Is it possible that you hold with this type of comments until more
> of what I have in mind becomes actual code? what you are looking at
> is the subsystem backend that was written while ago and a weekend
> work of making the kernel conform the new KPI.

of course i can.

which type of comments are you talking about?
any comments on the branch?

YAMAMOTO Takashi