John Baldwin jhb at
Thu May 28 13:53:10 UTC 2009

On Wednesday 27 May 2009 8:01:48 pm Zachary Loafman wrote:
> arch@ -
> Isilon has need of per-thread impersonation. We're looking at
> implementing something like the pthread_setugid_np mechanism found on
> OS X, loosely documented in the code:
> (see settid and setgroups1)
> and some here:
> Does anyone have strong objections to Apple's APIs here? There's
> obviously no portable itnerface to handle it, and it seems a little
> saner to just adopt someone else's API/semantics rather than reinvent.

I suppose you would implement this by having a new flag in td_pflags to 
indicate that the thread is using a private credential and use that to 
disable the automatic updating of td_ucred on syscall return and then just 
point td_ucred at the thread-specific credential?

Hmm, the XXX in Darwin's source about P_SUGID is probably meaningful for us as 
we still use that flag.  I would defer to Robert on how that should work 

John Baldwin

More information about the freebsd-arch mailing list