[brussels-dev] libipadm data store access (was Re: dladm/dlmgmtd property parsing)
Sebastien Roy
Sebastien.Roy at Sun.COM
Mon Mar 2 12:33:56 PST 2009

On Mon, 2009-03-02 at 14:55 -0500, Sowmini.Varadhan at Sun.COM wrote:
> On (03/02/09 14:48), Sebastien Roy wrote:
> > > We are considering using a model similar to that used for dladm/flowadm:
> > > have an ipadm RBAC role with auths similar to those for dladm:
> > > i.e., auths=solaris.smf.manage.wpa,solaris.smf.modify.
> >
> > The libdladm model requires that writing to the database be done by
> > dlmgmtd which is run as the dladm user (the datalink.conf file is only
> > writable by the dladm user). Permissions to write to the file are not
> > related to any authorizations AFAIK. How will this work for libipadm?
>
> How does this work for flowadm, which afaict writes to flowadm.conf
> without dlmgmtd being the intermediary?

I don't know, I'm not that familiar with the design/implementation of
flowadm. Does it require being run as root to create a flow? If so,
then I'm not quite sure why flowadm.conf is owned by the dladm user.

-Seb