Jeff,

> On Jul 23, 2010, at 8:05 PM, Gary Winiger wrote:
>
> > I'm trying to understand the compelling reason for adding sys_share.
>
> I think this issue (missing requirements/rationale) is
> at the heart of many of the questions in this thread,
> so I'd like to start there.

Thanks, that makes sys_share clear to me. What I was missing was
that sys_nfs was needed to import as well as share.

> PRIV_SYS_SHARE
> --------------
>
> Currently, establishing a share enforces PRIV_SYS_CONFIG
> in sharefs. For ZFS shares, libshare contains an additional
> check to enforce full privileges. These privilege checks

Libraries cannot and should not try to enforce privileges.
In what I believe this case to be, only the kernel can enforce
privileges. I presume this is a misstatement. One can always write
an equivalent function to the library without privilege checks.
Processes calling that equivalent function should not be granted
access unless they have appropriate privileges.

> will never succeed in a NGZ because they are prohibited
> by the Zones security model. The current checks will be
> replaced by the proposed (new) PRIV_SYS_SHARE.

This seems to me to be an incompatible change that doesn't need
to be made. If before this project, sys_config was the privilege
that allowed sharing, it should continue to allow sharing. In
addition, sys_share should allow sharing. I believe it was already
determined that sys_config cannot/should not/must not be granted
to a NGZ. If the project wishes to make this incompatible change,
please justify it (and perhaps how it would be mitigated for all
existing users of sys_config to share).

Other than the "misstatement" and the incompatibility, I'm now
fine with the case.

Thanks.

Gary..

_______________________________________________
opensolaris-arc mailing list
opensolaris-arc@opensolaris.org