>> If all listeners unshare kauth_cred_t *unconditionally*, we lose data
>> set by kauth_cred_setdata. As I said later there is a workaround
>> (kauth_cred_getrefcnt or kauth_cred_copy) but I don't like it.
> why don't you like it?

I cannot imagine applications for KAUTH_CRED_CHROOT other than adding some information to kauth_cred_t, e.g. root directory, chroot serial number or something equivalent for some purposes. So, code for unsharing kauth_cred_t should *always* be called by *all* listeners/modules before modification. In my opinion this adds unnecessary overcomplication for no benefit (unsharing credentials in chroot(2) unconditionally cannot cause performance degradation). This is why I think it's better and easier to unshare it in one place, that is in chroot(2).

--
Best regards, Aleksey Cheusov.
