Jeff,

> On Jul 23, 2010, at 8:05 PM, Gary Winiger wrote:
> 
> >     I'm trying to understand the compelling reason for adding sys_share.

> I think this issue (missing requirements/rationale) is
> at the heart of many of the questions in this thread,
> so I'd like to start there.

        Thanks, that makes sys_share clear to me.  What I was missing
        was that sys_nfs was needed to import as well as share.

> PRIV_SYS_SHARE
> --------------
>
> Currently, establishing a share enforces PRIV_SYS_CONFIG
> in sharefs.  For ZFS shares, libshare contains an additional
> check to enforce full privileges.  These privilege checks

        Libraries cannot and should not try to enforce privileges.
        In what I believe this case to be, only the kernel can
        enforce privileges.  I presume this is a misstatement.
        One can always write an equivalent function to the
        library without privilege checks.  Processes calling that
        equivalent function should not be granted access unless they have
        appropriate privileges.

> will never succeed in a NGZ because they are prohibited
> by the Zones security model.  The current checks will be
> replaced by the proposed (new) PRIV_SYS_SHARE.

        This seems to me to be an incompatible change that doesn't
        need to be made.  If before this project, sys_config was
        the privilege that allowed sharing, it should continue
        to allow sharing.  In addition sys_share should allow
        sharing.  I believe it was already determined that
        sys_config cannot/should not/must not be granted to a NGZ.

        If the project wishes to make this incompatible change,
        please justify it (and perhaps how it would be mitigated for
        all existing users of sys_config to share).

        Other than the "misstatement" and the incompatibility,
        I'm now fine with the case.  Thanks.

Gary..
_______________________________________________
opensolaris-arc mailing list
opensolaris-arc@opensolaris.org