Thor Lancelot Simon wrote:
According to kauth(9):
Listeners might sleep, so no locks can be held when calling
an authorization wrapper.
According to uipc_socket.c:sobind():
solock(so);
error = (*so->so_proto->pr_usrreq)(so, PRU_BIND, NULL, nam,
NULL, l);
sounlock(so);
According to in_pcb.c:in_pcbbind():
kauth_authorize_network(cred, KAUTH_NETWORK_BIND,
KAUTH_REQ_NETWORK_BIND_PRIVPORT, so,
sin, NULL)
Um. Is it the documentation or the code which should be corrected?
The idea is to encourage developers to structure code so that kauth(9) calls are made with ideally no locks etc. held, but like the man-page states, kauth(9) is under development.
I'm not sure I grasp how things like the filesystem or device scopes could even really work if you can't make kauth calls with locks held.
Which is why kauth(9) isn't yet fully integrated. (See e.g. tmpfs code as the only file-system using kauth(9)) Perhaps you can step up to the plate and address those issues. -e.