Joerg Sonnenberger <jo...@bec.de> wrote: > Can you please start with a consistent proposal of what the end result > should look like before adding random pieces? I'm sure, but this feels > like a very adhoc hack to cover a few corner cases for some strange out > of tree target without a clean idea on how it affects the long term > design of the VFS layer.
Well, since kauth_cred_t can be extended, I foresee no need to change VFS design. one additionnal credential is required here, struct file *, we can just optionaly add it up like I did in this patch. There is a possible exception: VOP_FALLOCATE touches file content, and it does not pass kauth_cred_t. Obviously this was forgotten when the VOP was created. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz m...@netbsd.org
