The following proposal got some +1's, and no -1's from the device-drivers
community.
Can we please have a project named "cpg" and a mailing list called
"cpg-discuss@". This might have gotten endorsement from the security community
... Nico can answer that question. (I *think* it did, but I've not been
following the security-discuss@ mailing list.)
- Garrett
>We seek the endorsement of the ON, security, Kerberos and device drivers
>communities for a project that seeks to add a new, extensible process
>grouping facility to OpenSolaris.
>
>The project is called "Credentials Process Groups" (CPGs) and had a
>PSARC inception on Wednesday, May 6 2009, under PSARC/2009/271.
>
>The project leaders are Nicolas Williams and Garrett D'Amore.
>
>Initial consumers of this project would be:
>
> - Solaris audio (Boomer)
> - Solaris Kerberos
>
>CPGs are an extensible process grouping facility that uses cred_t for
>process grouping.
>
>The reason for using cred_t for process grouping is to make these
>process groups visible to device drivers (via cred_t accessors and in
>IPC (via ucred_get(3C) accessors), that is, in contexts where it's not
>necessarily possible to directly or indirectly access a proc_t. The
>concept comes from the Andrew File System (AFS) concept of Process
>Authentication Groups (PAGs) and is similar to Linux keyrings.
>
>Materials can be found in the ARC case directory, along with the issues
>file and mail record:
>
>http://arc.opensolaris.org/caselog/PSARC/2009/271/inception.materials/
>http://arc.opensolaris.org/caselog/PSARC/2009/271/issues
>http://arc.opensolaris.org/caselog/PSARC/2009/271/mail
>
>Nico & Garrett
