hi,

to your first question, so_cred are currently not used. the immediate
use of them will be to replace relying on struct uidinfo for the curtain
functionality; however other uses that come to mind are LOCAL_CREDS (as
der mouse pointed out), pf, and generally limiting operations that can
be done on a socket.

testing the changes comes down to two things: making sure we're not
leaking memory (because we're holding/freeing a kauth_cred_t) and
properly managing the credentials inheritance.

the first i tested locally and it seems okay; that's what i'll
appreciate input about if anyone spots an issue. the latter is of less
relevance now because we're not supporting (yet) any sophisticated
privilege system, so we're just inheriting privileges.

does this answer your quesitions..?

-e.

-- 
Elad Efrat