On (03/04/09 01:52), Peter Memishian wrote: > > While this will work for ipadm, I don't think this is architecturally > sound. For instance, consider the case where an application links against > a library (e.g., libnwam) that in turn links against libipadm. Now that > application needs to have something in /etc/security/exec_attr to satisfy > an implementation detail of libnwam (the fact that it uses libipadm).
It would need to have file_dac_write iff it was doing IP configuration. > As Seb mentioned earlier, dlmgmtd provides this facility for libdladm. It > also synchronizes all changes (e.g., two applications using libdladm at > the same time cannot clobber each other), and provides a central point for > other facilities, such as posting sysevent notifications for new datalinks. Requiring a daemon-per-library to broker with the library's datastore is also not a very good design (that would be reinventing svc.configd per library). It may be that we are forced to have the file_dac_write constraint until all of the *adm applications move away from flat-file repository to smf. --Sowmini
