+ *
+ * Notes: The IPC_M bit is special, in that it may only be granted to
+ * root, the creating user, or the owning user.
+ *
+ * This code does not use posix_cred_access() because of the
+ * need to check both creator and owner separately when we are
+ * considering a rights grant. Because of this, we need to do
+ * two evaluations when the values are inequal, which can lead
+ * us to defeat the callout avoidance optimization. So we do
+ * the work here, inline. This is less than optimal for any
+ * future work involving opacity of of POSIX credentials.
+ *
+ * Setting up the mode_owner / mode_group / mode_world implicitly
+ * masks the IPC_M bit off. This is intentional.
+ *
+ * See the posix_cred_access() implementation for algorithm
+ * information.