access(2) using effective uid instead of real one?

[Nicolas Thery]

2009/8/11 Matthew Dillon <dillon at apollo.backplane.com>:
>    I would rather not change the creds.  It seems simple enough to
>    adjust the access helper to use the real ids.

It is admittedly easier and more explicit to do it as Alex and you suggest.

To implement faccessat, which can check either real of effective ids
based on a flag argument, do you prefer:

1/ Pass this "effective vs real" flag to VOP_ACCESS (either in a_mode
or as a new arg).

2/ Adding a new VOP_FACCESSAT operation.

The more general question is: can we break the VOP API (assuming we
change all in-tree clients)?

Cheers,
Nicolas