[clearview-discuss] [nwam-discuss] fast-track proposal for dladm privilege breakdown
Sebastien Roy
Sebastien.Roy at Sun.COM
Wed Jul 23 18:33:27 PDT 2008

On Wed, 2008-07-23 at 17:59 -0400, Peter Memishian wrote:
> > I have a proposal for a PSARC fast-track detailing the breakdown of
> > privileges for dladm. One question is the behavior of the *-secobj
> > subcommands that for some reason require authorizations in addition to
> > privileges, but not the show-secobj subcommand.
>
> The "RBAC model" subsection in the dladm/WiFi design document included
> with PSARC/2006/623 should answer your questions here.

Okay, thanks. Looking into this more deeply, while dladm show-secobj
doesn't show the key values, the ioctl which needs the privilege checks
applied to it (DLDIOC_SECOBJ_GET) does return them. Issuing that ioctl
currently requires sys_net_config by virtue of having to open the dld
control device, so I will convert that to a requirement for
sys_dl_config as I've done with other ioctls. It's a "read" ioctl, but
it's special because of the sensitivity of the data it's reading.
-Seb
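
Added example, not part of the original message and not code from dladm or dld: a small user-space C model of the point made above, that the privilege check has to sit on the request that returns the key bytes, not on the listing that merely omits them. The struct layout, the privilege bit values, the sample object, the function names, and the rule that sys_net_config alone is insufficient are all assumptions of this model.

```c
#include <stddef.h>
#include <string.h>

/* Privilege bits for this model, named after the two privileges in the thread. */
enum { PRIV_SYS_NET_CONFIG = 1u << 0, PRIV_SYS_DL_CONFIG = 1u << 1 };

/* Reply of the modelled "get" request: it carries the key value itself. */
struct secobj_reply {
    char name[16];
    unsigned char val[32];
    size_t val_len;
};

/* Constructed sample standing in for a stored secure object. */
static const struct secobj_reply stored = { "wepkey0", { 0xde, 0xad, 0xbe, 0xef, 0x01 }, 5 };

/* Model of the handler behind DLDIOC_SECOBJ_GET. It only reads, but the reply
 * holds key bytes, so it is gated on sys_dl_config. Assumption of this model:
 * sys_net_config alone is not enough. A denied reply is left zeroed. */
int secobj_get(unsigned caller_privs, struct secobj_reply *out)
{
    memset(out, 0, sizeof(*out));
    if (!(caller_privs & PRIV_SYS_DL_CONFIG))
        return -1;
    *out = stored;
    return 0;
}

/* Model of a show-secobj style listing: only the name is formatted. Omitting
 * the value here is presentation, not access control, because the caller
 * already holds the key bytes in *r. */
size_t show_secobj(const struct secobj_reply *r, char *buf, size_t buflen)
{
    size_t n = strlen(r->name);
    if (buflen == 0)
        return 0;
    if (n >= buflen)
        n = buflen - 1;
    memcpy(buf, r->name, n);
    buf[n] = '\0';
    return n;
}

int main(void)
{
    struct secobj_reply r;
    return secobj_get(PRIV_SYS_DL_CONFIG, &r) == 0 ? 0 : 1;
}
```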