tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Addition to kauth(9) framework

 >> If all listerners unshare kauth_cred_t *unconditionally*, we lost data
 >> set by kauth_cred_setdata. As I said later there is a workaround
 >> (kauth_cred_getrefcnt or kauth_cred_copy) but I don't like it.

> why don't you like it?

I cannot imagine applications for KAUTH_CRED_CHROOT other than adding
some information to kauth_cred_t, e.g. root directory, chroot serial
number or something equivalent for some purposes. So, a code for
unsharing kauth_cred_t should *always* be called by *all*
listerers/modules before modification.  In my opinion this adds
unnecessary overcomplication for no benefits (unsharing credentials in
chroot(2) unconditionally cannot cause performance degradation). This is
why I think it's better and easier to unshare it in one place, that is
in chroot(2).

Best regards, Aleksey Cheusov.

Home | Main Index | Thread Index | Old Index