> > in.routed does IP configuration; would it have this? > > > If it does need 'write' access to the 'libipadm' data store then yes it > should have that privilege.
Or if it happens to link with any library that requires such access, which is exactly why I think this is bad architecture. > In other words if 'in.routed' does any persistent operations then it > would need 'file_dac_write' privilege. -- meem
