site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com That's also not really "better". Alas, what I really want to do is track processes in some way such that marking a process causes that mark to be inherited by children, and allow the kernel to read the mark, and a process can cause itself to get a new mark which will be inherited to *its* future children, and it seems that's simply not possible: -The MAC subsystem isn't supported (http://developer.apple.com/mac/library/qa/qa2007/qa1574.html) -login contexts and audit sessions are one-per-process and owned by system software -I'm insufficiently special to use a mach special port (there are 7) -The kauth external cred resolver interface allows but a single resolver and I'm not memberd. What actor needs access to the information? (1) This is what the keychain mechanism gives you -- Terry _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... On Feb 19, 2010, at 11:59 AM, Derrick Brashear wrote: (2) Consider adding a directory services plugin, which give you access as part of the authority of memberd (3) Consider simply putting the initail process in an additional supplementary group This email sent to site_archiver@lists.apple.com