>> That said, where we now return EPERM is where in the future we'll
>> return the error value returned by kauth(9), like many many other
>> places in the kernel. Other parts of the networking stacks (say,
>> opening a raw socket) now return EPERM instead of EACCES
>
> ip(4) and ip6(4) seem to document EACCES.

Right. Do you think we need to fix the code or the documentation?

i think you should change the code back to how it had been.

IMHO - documentation. I like being able to tell when an error comes from kauth(9), and EPERM is a nice way to paint those.

i see no good reason for this. kauth is an implementation detail, and shouldn't be changing what the userland interface looks like unless necessary. ip(4) has been around since netbsd day0 so that is at least 16 years of documentation + code being in sync.

.mrg.