2008/055 Solaris Bridging
Darren J Moffat
Darren.Moffat at sun.com
Mon Feb 4 07:19:49 PST 2008
Darren Reed wrote:
> James Carlson wrote:
>> ...
>>> Some other questions....
>>> What is the rights profile for bridging?
>>>
>>
>> No new rights profile or change to existing profiles is needed. The
>> existing "Network Link Security" and "Network Management" rights
>> profiles include dladm with sufficient privilege (as documented in
>> this project) to allow administration of bridges
>
>
> Will the daemon also be associated with one or both of these?
Why should it be ? The daemon should only be started by SMF. While it
is possible to write the SMF manifest such that it uses an exec_attr
profile rather than explicit credential entries I don't think that is
necessary. In fact I'd say that unless the daemon is intended to also
be started by a normal user (for something other than debug purposes)
then using an RBAC profile in the SMF manifest just encourages users to
think they can start the daemon manually (of course the daemon can be
coded to check it is actually running under SMF and refuse to start!).
--
Darren J Moffat
More information about the opensolaris-arc
mailing list