Re: What's eating gilbert pid? (kevent NOTE_FORK and pids question)
- Subject: Re: What's eating gilbert pid? (kevent NOTE_FORK and pids question)
- From: Terry Lambert <email@hidden>
- Date: Fri, 19 Feb 2010 12:17:30 -0800
On Feb 19, 2010, at 11:59 AM, Derrick Brashear wrote:
> That's also not really "better". Alas, what I really want to do is
> track processes in some way such that marking a process causes that
> mark to be inherited by children, and allow the kernel to read the
> mark, and a process can cause itself to get a new mark which will be
> inherited to *its* future children, and it seems that's simply not
> possible:
> -The MAC subsystem isn't supported
> (http://developer.apple.com/mac/library/qa/qa2007/qa1574.html)
> -login contexts and audit sessions are one-per-process and owned by
> system software
> -I'm insufficiently special to use a mach special port (there are 7)
> -The kauth external cred resolver interface allows but a single
> resolver and I'm not memberd.
What actor needs access to the information?
(1) This is what the keychain mechanism gives you
(2) Consider adding a directory services plugin, which gives you access
as part of the authority of memberd
(3) Consider simply putting the initial process in an additional
supplementary group
-- Terry
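
Suggestion (3) works as an inherited mark because a process's group credentials are copied to its children at fork(). The user-space check below is an added example, not code from this thread; the function names and the use of the caller's effective gid as the default mark are assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if `mark` is the effective gid or in the supplementary list,
 * 0 if it is not, -1 on error. */
int has_group_mark(gid_t mark)
{
    if (getegid() == mark)
        return 1;
    int n = getgroups(0, NULL);            /* size query */
    if (n <= 0)
        return n;                          /* 0: empty list, -1: error */
    gid_t *list = malloc((size_t)n * sizeof *list);
    if (list == NULL)
        return -1;
    n = getgroups(n, list);
    int found = 0;
    for (int i = 0; i < n; i++)
        if (list[i] == mark)
            found = 1;
    free(list);
    return n < 0 ? -1 : found;
}

/* Fork and let the child repeat the check on its own credentials.
 * Returns the child's answer (1 or 0), or -1 on error. */
int child_inherits_mark(gid_t mark)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)                          /* child: report via exit status */
        _exit(has_group_mark(mark) == 1 ? 0 : 1);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(int argc, char **argv)
{
    /* Hypothetical marker gid from argv[1]; defaults to our own egid. */
    gid_t mark = argc > 1 ? (gid_t)strtoul(argv[1], NULL, 10) : getegid();
    printf("parent has gid %lu: %d, child has it: %d\n", (unsigned long)mark,
           has_group_mark(mark), child_inherits_mark(mark));
    return 0;
}
```

Placing the initial process in the marker group is a separate, privileged step (setgroups() requires root), which this example does not perform.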