2007/429 Brussels Enhanced Network Driver Configuration Via dladm

sowmini.varadhan at sun.com sowmini.varadhan at sun.com
Thu Sep 13 16:55:43 PDT 2007 

On (09/13/07 16:10), Gary Winiger wrote:
> 
> First my apologies if this is in the materials and I've overlooked it.
> Unfortunately I didn't get to thoroughly review the materials.
> In looking back at things, it seems there may be Solaris Audit and
> RBAC requirements for the additions suggested.  Presently there's
> wifi.config and wifi.web authorizations, and create network security object
> and delete network security object audit events.
> Is the intent of the Brussels changes to dladm to rely on svc.configd
> auditing and RBAC?  If so at least the SMF properties and authorizations
> should be part of the case.  If not, how does this project deal with the
> Audit and RBAC requirements for administrative interfaces?
> 
> Gary..
> 

Hi,

we are planning to leverage on the same RBAC infrastructure currently
used by dladm for managing wifi and aggr interfaces, which appears to be

quasimodo(391)% pwd
/etc/security
quasimodo(393)% grep dladm *attr
exec_attr:Network Link Security:solaris:cmd:::/sbin/dladm:euid=dladm;egid=sys; privs=sys_net_config,net_rawaccess,proc_audit
exec_attr:Network Management:solaris:cmd:::/sbin/dladm:euid=dladm;egid=sys;    privs=sys_net_config,net_rawaccess,proc_audit

The "Network Management" profile looks like it would cover PSARC 2007/429 
(could you please confirm that this is adequate)

quasimodo(390)% grep 'Network Managemen' prof_attr
Network Management:::Manage the host and network configuration:auths=solaris.smf.manage.name-service-cache,solaris.smf.manage.bind,solaris.smf.value.routing,solaris.smf.manage.routing,solaris.smf.value.nwam,solaris.smf.manage.nwam,solaris.smf.manage.wpa,solaris.admin.dcmgr.clients,solaris.admin.dcmgr.read,solaris.snmp.*,solaris.network.hosts.*;profiles=Network Wifi Management;help=RtNetMngmnt.html
System Administrator:::Can perform most non-security administrative tasks:profiles=Audit Review,Printer Management,Cron Management,Device Management,File System Management,Mail Management,Maintenance and Repair,Media Backup,Media Restore,Name Service Management,Network Management,Object Access Management,Process Management,Software Installation,User Management,Project Management,All;help=RtSysAdmin.html


Thanks,
Sowmini

More information about the opensolaris-arc mailing list