Girish M G writes:
> In the case of 'libipadm' model, there will be user called 'ipadm' who
> owns the 'datastore'. Read/Write to this data store will be done through
> 'libipadm' after donning that role.

How does that happen? Libraries themselves don't have the ability to
run setuid.

> When it comes to NOT allowing normal users in issuing 'privileged'
> ioctls, it will be handled inside the kernel in the similar fashion
> (a) as in DLD in 'drv_check_policy'
> (b) as in 'ifconfig' in 'ip_sioctl_copyin_setup'

When discussing roles and such, the issue isn't with the ioctls or
privileges. It's with where the authorizations are checked and making
sure that the right auditing actions take place when that occurs.

-- 
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
