tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Addition to kauth(9) framework

>> [good explanation deleted]
>> Yeah, that part I did get. But:
>  >> The question is *where* new kauth_cred_t instance
>  >> should be created and assigned to the process:
>  >> 1) Inside chroot/fchroot(2) (this is in my patch)
>  >> 2) Modules that adds "credential private data".
>> Is the kauth_t passed to the securchroot secmodule (are all other
>> listeners) by value or by reference (at least conceptually). It has to
>> be by reference, isn't it?
> It is passed by reference.
> sys/types.h:
>   typedef struct kauth_cred *kauth_cred_t
>> You said choosing (2) over (1) would lead to problems in case we have
>> multiple listeners and I fail to understand how,
> If all listerners unshare kauth_cred_t *unconditionally*, we lost data
> set by kauth_cred_setdata. As I said later there is a workaround
> (kauth_cred_getrefcnt or kauth_cred_copy) but I don't like it.

why don't you like it?


>> in that case, choosing
>> (1) over (2) does not lead to (different) problems.
> I don't see any problem with (1)
> -- 
> Best regards, Aleksey Cheusov.

Home | Main Index | Thread Index | Old Index