[ moved from source-changes@ ]

> > Module Name:	src
> > Committed By:	yamt
> > Date:		Tue Jun 13 13:52:39 UTC 2006
> > 
> > Modified Files:
> > 	src/sys/kern: uipc_domain.c
> > 
> > Log Message:
> > sysctl_unpcblist: don't abuse kauth_authorize_process for non-process object.
> 
> I plan on removing the CURTAIN() macro.

fine.
it's one of reasons why i looked into this code. :-)

> If we're already looking at it,
> how about we add a KAUTH_GENERIC_CANSEE,

although it's definitely better than CURTAIN or abusing KAUTH_PROCESS_CANSEE,
i'm not sure if it's a good idea.

i'm not even sure if abusing fp->f_cred here is a good idea.

> and model KAUTH_PROCESS_CANSEE
> after process_checkioperm(), and deprecate the latter?
> 
> (or something along these lines)

IMO, performing I/O and "cansee" are very different.

YAMAMOTO Takashi