Re: Addition to kauth(9) framework

[Aleksey Cheusov <cheusov%tut.by@localhost>]

> [good explanation deleted]

> Yeah, that part I did get. But:

 >> The question is *where* new kauth_cred_t instance
 >> should be created and assigned to the process:
 >> 1) Inside chroot/fchroot(2) (this is in my patch)
 >> 2) Modules that adds "credential private data".

> Is the kauth_t passed to the securchroot secmodule (are all other
> listeners) by value or by reference (at least conceptually). It has to
> be by reference, isn't it?
It is passed by reference.
sys/types.h:
  typedef struct kauth_cred *kauth_cred_t

> You said choosing (2) over (1) would lead to problems in case we have
> multiple listeners and I fail to understand how,
If all listerners unshare kauth_cred_t *unconditionally*, we lost data
set by kauth_cred_setdata. As I said later there is a workaround
(kauth_cred_getrefcnt or kauth_cred_copy) but I don't like it.

> in that case, choosing
> (1) over (2) does not lead to (different) problems.
I don't see any problem with (1)

-- 
Best regards, Aleksey Cheusov.