Hi, Attached is a diff removing some KAUTH_GENERIC_ISSUSER uses in favor of more meaningful alternatives, some newly added. Newly added actions/requests: - KAUTH_MACHDEP_CMOS, for checking if the CMOS can be read from/written to. - KAUTH_MACHDEP_CACHEFLUSH_ALL, for checking if the whole CPU cache can be flushed (used in compat code only). - KAUTH_REQ_SYSTEM_SYSCTL_MODIFY, for checking if a sysctl(9) value that doesn't have a custom function handler can be modified. - KAUTH_REQ_NETWORK_SOCKET_DROP, for checking if a connection can be dropped. - KAUTH_REQ_NETWORK_SOCKET_SETPRIV, for checking if privileged socket options can be set. Also note the changes in the ibcs2 compat code. I followed http://docsrv.sco.com:507/en/man/html.S/uadmin.S.html and hopefully the semantics are the same. Thanks, -e.
Attachment:
pass1.diff
Description: Binary data