YAMAMOTO Takashi wrote:

> [ not in this commit, maybe.  i haven't checked. ]
> in nfsrv_fhtovp, you did:
> 
> 	/* First, clear any groups in cred. */
> 	do_ngroups = kauth_cred_ngroups(cred);
> 	for (i = 0; i < do_ngroups; i++)
> 		kauth_cred_delgroup(cred, kauth_cred_group(cred, i));
> 
> i don't think kauth_cred_group() here picks gids as you expected,
> given that kauth_cred_delgroup() seems to modify gid array in a way
> invalidating indexes in it.
> 
> for this kind of code, i think it's convenient to have kauth_cred_clear(),
> which clears all ids in a credential.

Yes, good catch. Jason said there's a kauth_cred_setgroups() so
that's what I'm probably going to use.

-e.

-- 
Elad Efrat