> For an example of the code I looking at, search for pfind() in
> src/sys/compat/linux/common/linux_sched.c
> where it does:
> 	  kauth_authorize_generic(pc, KAUTH_GENERIC_ISSUSER, NULL) == 0 ||
> 	  kauth_cred_getuid(pc) == kauth_cred_getuid(p->p_cred) ||
> 	  kauth_cred_geteuid(pc) == kauth_cred_getuid(p->p_cred) ||
> 	  kauth_cred_getuid(pc) == kauth_cred_geteuid(p->p_cred) ||
> 	  kauth_cred_geteuid(pc) == kauth_cred_geteuid(p->p_cred)))
> This used to be simple structre indirecting...
> 
> It is possible that this is the same as KAUTH_PROCESS_CANSEE, but who knows.

given that these syscalls are dummy implementations,
i think KAUTH_PROCESS_CANSEE is fine for now.
for longer term, we should define appropriate actions.

YAMAMOTO Takashi