Re: Addition to kauth(9) framework
> [good explanation deleted]
> Yeah, that part I did get. But:
>> The question is *where* new kauth_cred_t instance
>> should be created and assigned to the process:
>> 1) Inside chroot/fchroot(2) (this is in my patch)
>> 2) Modules that add "credential private data".
> Is the kauth_t passed to the securchroot secmodule (and all other
> listeners) by value or by reference (at least conceptually)? It has to
> be by reference, doesn't it?
It is passed by reference.
typedef struct kauth_cred *kauth_cred_t;
> You said choosing (2) over (1) would lead to problems in case we have
> multiple listeners and I fail to understand how,
If all listeners unshare kauth_cred_t *unconditionally*, we lose data
set by kauth_cred_setdata. As I said later, there is a workaround
(kauth_cred_getrefcnt or kauth_cred_copy), but I don't like it.
> in that case, choosing
> (1) over (2) does not lead to (different) problems.
I don't see any problem with (1).
Best regards, Aleksey Cheusov.