[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
re: Addition to kauth(9) framework
> > In article <20110829003259.913F014A289%mail.netbsd.org@localhost>,
> > YAMAMOTO Takashi <yamt%mwd.biglobe.ne.jp@localhost> wrote:
> >>> I'd like to apply the attached patch.
> >>> It implements two things:
> >>> - chroot(2)-ed process is given new kauth_cred_t with reference count
> >>> equal to 1.
> >>can you find a way to avoid this?
> >>YAMAMOTO Takashi
> > He tried and I think that this is the minimal hook he needs.
> do you mean that we need to unshare the credential unconditionally,
> regardless his module is used or not? why?
maybe it's just me, but i actually have absolutely no problem
with chroot unsharing kauth_cred_t by default. it just seems
to have more generic safety aspects.
Main Index |
Thread Index |