YAMAMOTO Takashi wrote:

> although it's definitely better than CURTAIN or abusing KAUTH_PROCESS_CANSEE,
> i'm not sure if it's a good idea.

I'm thinking we need a generic way of checking if object with 'cred1'
can access object with 'cred2'.

Alternatively, we could have these cases in their respective (to-be)
scopes -- either fileop, vnode, network, whatever.

What do you think?

> i'm not even sure if abusing fp->f_cred here is a good idea.

Is there a choice?

> IMO, performing I/O and "cansee" are very different.

Maybe add a KAUTH_PROCESS_IOPERM?

-e.

-- 
Elad Efrat