Subject: Re: kern.showallprocs implementation
To: Hubert Feyrer <hubert@feyrer.de>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 08/27/2005 19:19:49

Hubert Feyrer wrote:

> The following functions are not documented in manpages:

Of course what will get committed will be committed along with proper
documentation. For now, it's just code waiting for approval...
(same goes for style)

>  * privacy_proc() - aren't there already routines to do that? Maybe
>    look at CANSIGNAL() in kern_sig.c

Yes. The two functions (privacy_proc and privacy_inet) can be
collapsed, as they look now, into a single function. However, we
might want to handle the privacy filtering differently for each,
so they are in their own routine.

> Last, a question: do I understand it correctly that those two sysctl
> knobs allow/disallow retrieving process stats sysctls (e.g. for ps(1))
> and network stats sysctls (e.g. for netstat(1)) for all/only the owner
> (and root) of a process?

Yes.

> How about not showing processes e.g. outside a chroot, like we already
> do for mountpoints?
> 
> Maybe this whole "privacy" thing should be discussed through first...
> ("design"?)

I suggested that. The code provided is an implementation that will allow
us to build newer designs more easily into the system, as opposed to the
discussed ``kern.showallprocs'' knob.

-e.

-- 
Elad Efrat
PGP Key ID: 0x666EB914