PSARC 2009/271 Credential Process Groups (CPGS)
Nicolas Williams
Nicolas.Williams at sun.com
Mon May 4 08:47:35 PDT 2009
On Mon, May 04, 2009 at 05:37:46PM +0200, Casper.Dik at Sun.COM wrote:
>
> (Why was your reply not send to psarc*?)
Your questions weren't sent to PSARC, so I didn't send my reply to PSARC
either.
> >I could always extend /proc, but it seems unnecessary.
>
> I think it is pretty much required.
The missing context, for PSARC readers, is that Casper says that to
modify ptools one ought to modify /proc as well.
In this case the new system calls provide enough observability that
/proc changes would be redundant, but modifying pcred would still be
useful for observability, and anyways, holding a proc(4) handle to a
process to prevent PID reuse while examining it is also useful.
If there's a hard and fast rule that ptools cannot use facilities
outside proc(4) for observing targets then we could easily extend
proc(4) to make CPG information available through proc(4). But as I
said, given that the CPG syscalls provide sufficient observability it
seems unnecessary to extend proc(4).
Nico
--
More information about the opensolaris-arc
mailing list