Andrew Doran wrote:

> 1. In a number of places we pass l->l_acflag to kauth.  This was originally
>    for system accounting to trap the ASU flag, but that's not done any more. 
>    I'm going to remove the collating step from lwp_exit() and exit1(), but
>    in the interests of minimizing unnecessary change, is it worthwhile
>    removing the extra argument from kauth_authorize_generic()?
> 
>     292 	if ((error = kauth_authorize_generic(l->l_cred,
>     293 	    KAUTH_GENERIC_ISSUSER, &l->l_acflag)) != 0)

yes, I know it's not used anymore. I didn't bother removing it from
calls because either way I'm going to change these calls to something
other than KAUTH_GENERIC_ISSUSER.

the 3rd argument is needed for e.g., KAUTH_GENERIC_CANSEE. there's a
very good chance we'll remove it at some point, but not now...

> 2. Storage for listeners and scopes are allocated from pools.  Since there
>    aren't likely to be many of them, it makes more sense to use kmem to 
>    allocate those. Any objections if I change it to do that?
> 
> 	http://www.netbsd.org/~ad/kauth.diff

I've okay'd this in the past I think, so, for the record, it's fine with
me. :)

-e.