I'd like to apply the attached patch. It implements two things: - chroot(2)-ed process is given new kauth_cred_t with reference count equal to 1. - New id KAUTH_CRED_CHROOT is added to kauth(9) credentials scope which is used when chroot(2) or fchroot(2) is called.
This two things allows to implement things like securechroot(9) secmodel described here http://mail-index.netbsd.org/tech-kern/2011/07/09/msg010903.html After commiting this patch I'll move the rest of securechroot(9) to pkgsrc until it is ready to be integrated into the kernel. Objections? -- Best regards, Aleksey Cheusov.
