On Sun, Jun 24, 2007 at 10:14:47AM +0300, Elad Efrat wrote:
> 
> the two issues are completely orthogonal. the change was done originally
> to save a malloc. that is a very, very weak argument. the "side benefit"
> has no effect whatsoever and you know that very well.

Actually the change was done because I had to rewrite some of the
system call code to avoid using the 'stackgap', and the existing
code was just so horrid I factored some changes further through
the code paths it order to make life easier for the callers.

There is also the long-term requirement to remove the compile-time
limit of NGROUPS/NGROUPS_MAX, so I made sure that the comparisons
against that value all got moved inside the kauth_cred code.
Since your 'fully encapsulated, not let anyone near my internals'
version required everyone to know that limit.

I will look at the code again later.

	David

-- 
David Laight: david@l8s.co.uk