Re: Addition to kauth(9) framework

To: tech-kern%netbsd.org@localhost
Subject: Re: Addition to kauth(9) framework
From: Aleksey Cheusov <cheusov%tut.by@localhost>
Date: Wed, 31 Aug 2011 10:15:01 +0300

 >> If all listerners unshare kauth_cred_t *unconditionally*, we lost data
 >> set by kauth_cred_setdata. As I said later there is a workaround
 >> (kauth_cred_getrefcnt or kauth_cred_copy) but I don't like it.

> why don't you like it?

I cannot imagine applications for KAUTH_CRED_CHROOT other than adding
some information to kauth_cred_t, e.g. root directory, chroot serial
number or something equivalent for some purposes. So, a code for
unsharing kauth_cred_t should *always* be called by *all*
listerers/modules before modification.  In my opinion this adds
unnecessary overcomplication for no benefits (unsharing credentials in
chroot(2) unconditionally cannot cause performance degradation). This is
why I think it's better and easier to unshare it in one place, that is
in chroot(2).

-- 
Best regards, Aleksey Cheusov.

References:
- Re: Addition to kauth(9) framework
  - From: Aleksey Cheusov
- Re: Addition to kauth(9) framework
  - From: YAMAMOTO Takashi

Prev by Date: Re: kmem-pool-uvm
Next by Date: Re: netbsd32 emulation in driver open() or read()
Previous by Thread: Re: Addition to kauth(9) framework
Next by Thread: re: Addition to kauth(9) framework
Indexes:

Home | Main Index | Thread Index | Old Index