On Mon, Aug 29, 2011 at 06:36:49PM +0200, Aleksey Cheusov wrote:
[good explanation deleted]

Yeah, that part I did get. But:

> The question is *where* new kauth_cred_t instance
> should be created and assigned to the process:
> 1) Inside chroot/fchroot(2) (this is in my patch)
> 2) Modules that add "credential private data".

Is the kauth_t passed to the securchroot secmodule (and all other listeners) by value or by reference (at least conceptually)? It has to be by reference, doesn't it?

You said choosing (2) over (1) would lead to problems in case we have multiple listeners and I fail to understand how, in that case, choosing (1) over (2) does not lead to (different) problems.

Sorry to be insisting (I don't mind unsharing at (1), btw., just trying to understand the options fully).

Martin