I do not understand the first argument. You seem to say it is posible
to create tcpsockets between different computers while it is not useful
to pass cookies under it. I do not see any problem. Just use cookies in
the local system only.
With regard to resource limits, the solution is not too difficult. As
far as resource limits are concernted, a cookie created and not yet
destroyed should count as a file handle owned by the process and user
that created it. That is, a process cannot have more coookies opened and
not yet consumed plus total open files than the maximum number of
process descriptors. The same for each user id. There is no need for a
new limit.
Apart from the inconvenience of sendmsg being a library function rather
than a system call, I am convinced that it would be posible to implement
unix socket descriptor passing as a library call. This is not posible
for practical reasons of backward compatibility. But that does not
demonstrate that the proposed primitive is not simpler.
Ramon