Seb and I were having a discussion on why dladm, dlmgmtd etc. inline the lexical analysis code, instead of using lex.
My interest came from trying to use lex for ipadm, which led to Seb's question below On (03/02/09 12:51), Sebastien Roy wrote: > > This is unrelated to the parsing discussion, but here's a question: The > ipadm database update/access code will be executed in the context of the > caller? > > I ask because this means that the caller has to have write permissions > in the database file, and that may conflict with the RBAC model where > any user with the appropriate authorization should be able execute the > authorized operation. > We are considering using a model similar to that used for dladm/flowadm: have an ipadm RBAC role with auths similar to those for dladm: i.e., auths=solaris.smf.manage.wpa,solaris.smf.modify. --Sowmini
