> > If you like, the presence of kauth_cred_destroy() is a bug in the API.
> 
> No. NetBSD pre-kauth had no need for a destroy routine because it
> could declare local static struct ucred/pcred as it needed. NetBSD
> post-kauth needs to get these from the kauth pool, and that is done
> using kauth_cred_alloc() for now. Because this is, as you noted,
> used locally for whatever the function is doing, before exit it should
> free them back -- hence, the need for a destroy routine.
> 
> Think of it like kauth(9)'s version for malloc/free.

why you don't want to use kauth_cred_free?  micro optimization?

YAMAMOTO Takashi