YAMAMOTO Takashi wrote:

> i think the latter is better.

Okay.

> in this particular case, it depends on the definition of "curtain" things,
> which i'm not aware of.

Well, the file object has credentials 'cred1', and what we want to know
is if the current process, attempting to access data in this file
struct, can do so.

We'll do that using a CANSEE kauth request in the fileop/vnode scope.

> however, in the POV of kauth framework, i think it's better for
> listeners to take an object itself, rather than a credential
> associated to it.

Agreed.

-e.

-- 
Elad Efrat