> > > If it does need 'write' access to the 'libipadm' data store then yes it > > > should have that privilege. > > > > Or if it happens to link with any library that requires such access, which > > is exactly why I think this is bad architecture. > > in.routed is not a particularly good example for this particular case, > as it does not do any persistent ip configuration operations. > However, your point is taken- file_dac_write constraints from a library > is not a good long-term solution, and we all agree that scf is the > better solution. But it seems like we need to sort out the smf > story first, so maybe we should start by looking at the technical > details of the history here?
Let me talk with the Fishworks team about their experiences thus far (Mike is out right now, and he probably has the most information about this), and we can go from there. Meanwhile, I think it's fine to proceed with what you have with the understanding that we will probably rework this part. -- meem
