>But then we're still having an API change that doesn't have to be there.
No, it's not. If you change suser() to:

    int
    suser(uc, ac)
        struct ucred *uc;
        u_short *ac;
    {
        return JAILsuser(0, uc, ac);
    }

then suser() continues to have the same semantics and calling convention; you can speed this up a bit by having:

    #define suser(a,b) JAILsuser(0, a, b)

in <sys/ucred.h> (where suser's prototype is). Then you can simply change the calls from suser() to JAILsuser() as needed.

(Actually, JAILsuser is a bad name, really, since this could also be used to move to a more-capability-based mechanism, with the "jail" being simply one set of resources to compare the requested capability against. But that's just a thought that has occurred to me, and I haven't spent any time making it coherent ;).)

Doing it this way should result in a superset, and minimal source code changes; doing it with just the stub routine would result in minimal binary impact as well.