[fmac-discuss] [PATCH] Simplify FMAC exec logic With the change in the prior patch to the exec code path to also set the process suid flags when fmac_execsetid is true (i.e. when execsetid permission is not allowed between the old and new contexts), we can simplify the FMAC processing in the exec code path. If we set PRIV_INCREASE in the privflags when fmac_execsetid is true, then the subsequent exec logic will set the linker security flag and the process suid flags without requiring any further checking of fmac_execsetid. As fmac_execsetid is no longer being used only to set the linker security flag, the fmac_execsetid boolean is renamed to setprivinc, and the "execsetid" FMAC permission is renamed to "noprivinc" (i.e. no need to assert privilege increase protections on this domain transition). There should be no actual change in behavior as a result, just an implementation that fits better into the existing logic. This patch applies on top of the prior one. Webrev available at: http://cr.opensolaris.org/~sds/privinc/