tech-kern archive


Re: Addition to kauth(9) framework



>> [good explanation deleted]
> 
>> Yeah, that part I did get. But:
> 
>  >> The question is *where* new kauth_cred_t instance
>  >> should be created and assigned to the process:
>  >> 1) Inside chroot/fchroot(2) (this is in my patch)
>  >> 2) Modules that add "credential private data".
> 
>> Is the kauth_t passed to the securchroot secmodule (are all other
>> listeners) by value or by reference (at least conceptually). It has to
>> be by reference, isn't it?
> It is passed by reference.
> sys/types.h:
>   typedef struct kauth_cred *kauth_cred_t;
> 
>> You said choosing (2) over (1) would lead to problems in case we have
>> multiple listeners and I fail to understand how,
> If all listeners unshare kauth_cred_t *unconditionally*, we lose data
> set by kauth_cred_setdata. As I said later there is a workaround
> (kauth_cred_getrefcnt or kauth_cred_copy) but I don't like it.

why don't you like it?

YAMAMOTO Takashi

> 
>> in that case, choosing
>> (1) over (2) does not lead to (different) problems.
> I don't see any problem with (1)
> 
> -- 
> Best regards, Aleksey Cheusov.

