>> [good explanation deleted]
>
>> Yeah, that part I did get. But:
>
> >> The question is *where* new kauth_cred_t instance
> >> should be created and assigned to the process:
> >> 1) Inside chroot/fchroot(2) (this is in my patch)
> >> 2) Modules that add "credential private data".
>
>> Is the kauth_t passed to the securchroot secmodule (are all other
>> listeners) by value or by reference (at least conceptually). It has to
>> be by reference, isn't it?
> It is passed by reference.
> sys/types.h:
>     typedef struct kauth_cred *kauth_cred_t;
>
>> You said choosing (2) over (1) would lead to problems in case we have
>> multiple listeners and I fail to understand how,
> If all listeners unshare kauth_cred_t *unconditionally*, we lose data
> set by kauth_cred_setdata. As I said later there is a workaround
> (kauth_cred_getrefcnt or kauth_cred_copy) but I don't like it.

why don't you like it?

YAMAMOTO Takashi

>
>> in that case, choosing
>> (1) over (2) does not lead to (different) problems.
> I don't see any problem with (1)
>
> --
> Best regards, Aleksey Cheusov.