On Mon, 2009-03-02 at 17:17 -0500, Girish M G wrote:
> There are three things here:
> 
> (a) authorization/ privileges to do certain tasks ('write') using 'ipadm'.
> (b) the file permission of the data store itself.
> (c) 'not' tying the above two things.
> 
> In the case of 'libipadm' model, there will be a user called 'ipadm' who 
> owns the 'datastore'. Read/Write to this data store will be done through 
> 'libipadm' after donning that role.

How will donning the role be done?  As Jim points out, each operation
should be controlled through an authorization (or not in the case of
read operations that don't require any restricted access).  Does the
library fork a process under a new role if it detects that the caller
has the appropriate authorization?

> When it comes to NOT allowing normal users from issuing 'privileged' 
> ioctls, it will be handled inside the kernel in the similar fashion 
> (a) as in DLD in 'drv_check_policy'
> (b) as in 'ifconfig' in 'ip_sioctl_copyin_setup'

Yep, that part is pretty straightforward.

-Seb
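To make the three separate checks in the exchange above concrete, here is an added illustration in C; it is not code from this thread, from libipadm, or from the Solaris kernel. It models (a) the per-operation authorization check that gates the 'ipadm' write path, (b) the file permission on the datastore owned by the 'ipadm' user, and the kernel-side privilege check on the ioctl that drv_check_policy and ip_sioctl_copyin_setup perform, and shows why (c) keeping (a) and (b) untied works: the caller's own uid never needs write access to the datastore. The authorization name solaris.network.interface.config and the privilege PRIV_SYS_NET_CONFIG are real Solaris names; has_auth() and kernel_ioctl() are stand-ins for chkauthattr(3SECDB) and secpolicy_net_config(9F), and cred_t's layout, role_ipadm, libipadm_set/libipadm_get and the uids are hypothetical.

```c
/*
 * Added illustration of the checks discussed in the thread.  Not code from
 * libipadm or the Solaris kernel: cred_t layout, role_ipadm, libipadm_set(),
 * libipadm_get() and the uids are hypothetical; has_auth() stands in for
 * chkauthattr(3SECDB) and kernel_ioctl() for a secpolicy_net_config(9F)
 * gated ioctl path.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define PRIV_SYS_NET_CONFIG  (1u << 0)   /* privilege bit in this toy priv set */
#define IPADM_AUTH "solaris.network.interface.config"

typedef struct {
    unsigned int uid;
    unsigned int privs;      /* effective privilege set (bitmask) */
    const char  *auths;      /* comma-separated authorizations, user_attr(4) style */
} cred_t;

/* The datastore file: owned by the 'ipadm' user; only the owner may write. */
enum { DATASTORE_OWNER_UID = 16 };
static int datastore_value = 0;

/* (a) Authorization check on the caller (stand-in for chkauthattr). */
static int has_auth(const cred_t *cr, const char *auth)
{
    const char *p = cr->auths;
    size_t n = strlen(auth);
    while (p && *p) {
        const char *comma = strchr(p, ',');
        size_t len = comma ? (size_t)(comma - p) : strlen(p);
        if (len == n && strncmp(p, auth, n) == 0)
            return 1;
        p = comma ? comma + 1 : NULL;
    }
    return 0;
}

/* (b) File permission on the datastore itself. */
static int datastore_write(const cred_t *cr, int value)
{
    if (cr->uid != DATASTORE_OWNER_UID)
        return EACCES;
    datastore_value = value;
    return 0;
}

/* Kernel side: the privileged ioctl is gated on the credential's privilege
 * set, the way drv_check_policy() and ip_sioctl_copyin_setup() do it. */
static int kernel_ioctl(const cred_t *cr, int value)
{
    if ((cr->privs & PRIV_SYS_NET_CONFIG) == 0)
        return EPERM;
    (void)value;             /* would apply the setting to the running stack */
    return 0;
}

/* Role 'ipadm': owns the datastore and holds the net-config privilege. */
static const cred_t role_ipadm = { DATASTORE_OWNER_UID, PRIV_SYS_NET_CONFIG, "" };

/* libipadm write path: authorize the caller first, then act as the role. */
static int libipadm_set(const cred_t *caller, int value)
{
    int err;
    if (!has_auth(caller, IPADM_AUTH))
        return EPERM;        /* (a) fails: nothing is touched */
    /* (c): (a) and (b) are not tied; the role, not the caller, writes. */
    if ((err = datastore_write(&role_ipadm, value)) != 0)
        return err;
    return kernel_ioctl(&role_ipadm, value);
}

/* libipadm read path: no restricted access needed, so no authorization. */
static int libipadm_get(const cred_t *caller, int *out)
{
    (void)caller;
    *out = datastore_value;
    return 0;
}

int main(void)
{
    cred_t joe = { 1001, 0, "" };
    cred_t netadmin = { 1002, 0, "solaris.smf.read," IPADM_AUTH };
    int v = -1;

    printf("joe direct ioctl:      %d (EPERM=%d)\n", kernel_ioctl(&joe, 1), EPERM);
    printf("joe direct datastore:  %d (EACCES=%d)\n", datastore_write(&joe, 1), EACCES);
    printf("joe via libipadm:      %d (EPERM=%d)\n", libipadm_set(&joe, 1), EPERM);
    printf("netadmin via libipadm: %d (0)\n", libipadm_set(&netadmin, 7));
    libipadm_get(&joe, &v);
    printf("joe reads datastore:   value=%d\n", v);
    return 0;
}
```

How the role is actually donned (a forked process, a setuid helper, a daemon reached over IPC) is exactly the open question in the thread; the model above simply swaps in the role's credential inside the library, which is enough to show that the authorization decision, the datastore ownership and the kernel privilege check stay independent of each other.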


