James Carlson wrote:
> Sebastien Roy writes:
>
>> On Mon, 2009-03-02 at 16:37 -0500, James Carlson wrote:
>>
>>> I think the libdladm model is weak in this area and could use some
>>> work. It should use auths correctly *and* do auditing when it grants
>>> access based on auths. It doesn't seem to do that.
>>>
>> This part of the model could use improvements, but the part of the model
>> I'm pointing out that does work is not tying the set of things allowed
>> to issue operations to the data store's file permissions.
>>
>
> Yep; understood. That's not the right way to go at all.
>
There are three things here:
(a) authorization/privileges to do certain tasks ('write') using 'ipadm'.
(b) the file permission of the data store itself.
(c) 'not' tying the above two things.
In the case of the 'libipadm' model, there will be a user called 'ipadm' who
owns the 'datastore'. Read/Write to this data store will be done through
'libipadm' after donning that role.
When it comes to NOT allowing normal users to issue 'privileged'
ioctls, it will be handled inside the kernel in a similar fashion
(a) as in DLD in 'drv_check_policy'
(b) as in 'ifconfig' in 'ip_sioctl_copyin_setup'
~Girish