Hi Dave,
On Mon, 2 Aug 2010, Dave Miner wrote:
Apologies for being tardy on this, but you requested my feedback on the RBAC
portion, and there are a few other nits I noticed along the way:
2.2: create_usb would work fine on SPARC if usbgen did, perhaps rephrase so
that it's clear that usbgen is the piece that doesn't support SPARC.
2.2 s/local zone/non-global zone/
3.1, page 9: The paragraph beginning with "The engine executes the
checkpoints in order. First, the IPS..." Perhaps preface the IPS reference
with "In the typical usage" or something like this, as the current phrasing
implies that it's always this way, when in reality DC could build something
completely different that didn't involve any of the listed steps that
comprise the rest of this paragraph. As an example, building the repo ISO's
could be a DC process that would involve a very different set of steps.
page 14, final paragraph: s/two/three/
3.6: checkpointing allows stop and restart at defined points of the
construction process, not "any", which could be taken to imply finer
granularity than is possible
3.9: would be good to note the reason for the gnome exception since this has
been unclear to some readers
3.12: you should specify a name for the new profile ("Distribution
Construction"?). ZFS FS management and Device Security are profiles, not
privileges. The references to requirements for executing lofiadm and chroot
could be more specific. Anyone can run lofiadm, though usually the device
permissions allow only query, not modification, of the mappings by ordinary
users, so I'm not sure exactly what to say here. chroot does appear to
require a specific privilege, proc_chroot.
I've made changes to incorporate all of the above comments.
For lofiadm(1m), I added "privileges to run chroot(1) and
execute all the operations of lofiadm(1m)"
3.13.3: If we have a CR number for the SMF work, would be good to reference
it here.
I'll file a CR and add the reference to it in this section.
Thanks,
Alok
_______________________________________________
caiman-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss
