On Mon, 2009-03-02 at 16:37 -0500, James Carlson wrote:
> Sebastien Roy writes:
> > The libdladm model requires that writing to the database be done by
> > dlmgmtd which is run as the dladm user (the datalink.conf file is only
> > writable by the dladm user). Permissions to write to the file are not
> > related to any authorizations AFAIK. How will this work for libipadm?
>
> I think the libdladm model is weak in this area and could use some
> work. It should use auths correctly *and* do auditing when it grants
> access based on auths. It doesn't seem to do that.

This part of the model could use improvements, but the part of the model I'm pointing out that does work is not tying the set of things allowed to issue operations to the data store's file permissions.

-Seb
