hi, > I'd like to apply the attached patch. > It implements two things: > > - chroot(2)-ed process is given new kauth_cred_t with reference count > equal to 1.
can you find a way to avoid this? YAMAMOTO Takashi > - New id KAUTH_CRED_CHROOT is added to kauth(9) credentials scope > which is used when chroot(2) or fchroot(2) is called. > > This two things allows to implement things like securechroot(9) secmodel > described here > > http://mail-index.netbsd.org/tech-kern/2011/07/09/msg010903.html > > After commiting this patch I'll move the rest of securechroot(9) > to pkgsrc until it is ready to be integrated into the kernel. > > Objections? > > -- > Best regards, Aleksey Cheusov.