> >>> - chroot(2)-ed process is given new kauth_cred_t with reference count > >>> equal to 1. > >> > >>can you find a way to avoid this? > >> > >>YAMAMOTO Takashi > > > > He tried and I think that this is the minimal hook he needs. > > do you mean that we need to unshare the credential unconditionally, > regardless his module is used or not? why?
Suppose we have two or more loaded modules listerning for KAUTH_CRED_CHROOT. Which one should create new kauth_cred_t structure? What is the criteria? If both, we have a problem. -- NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie! Jetzt informieren: http://www.gmx.net/de/go/freephone