Re: Addition to kauth(9) framework
>> [good explanation deleted]
>> Yeah, that part I did get. But:
> >> The question is *where* new kauth_cred_t instance
> >> should be created and assigned to the process:
> >> 1) Inside chroot/fchroot(2) (this is in my patch)
> >> 2) Modules that add "credential private data".
>> Is the kauth_t passed to the securchroot secmodule (are all other
>> listeners) by value or by reference (at least conceptually). It has to
>> be by reference, isn't it?
> It is passed by reference.
> typedef struct kauth_cred *kauth_cred_t;
>> You said choosing (2) over (1) would lead to problems in case we have
>> multiple listeners and I fail to understand how,
> If all listeners unshare kauth_cred_t *unconditionally*, we lose data
> set by kauth_cred_setdata. As I said later there is a workaround
> (kauth_cred_getrefcnt or kauth_cred_copy) but I don't like it.
Why don't you like it?
>> in that case, choosing
>> (1) over (2) does not lead to (different) problems.
> I don't see any problem with (1)
> Best regards, Aleksey Cheusov.