Hi Garrett,

On Tue, 2008-07-22 at 12:46 -0700, Garrett D'Amore wrote:
> Where will the new checks for sys_dl_config be inserted?

I'll include you in the code-review if you'd like to get a close look at the implementation. Basically, dld does these checks centrally in one place based on a "description" of the ioctls that modules pass in to dld using a registration mechanism. Part of this "description" includes whether a given ioctl requires the sys_dl_config privilege.

> Will the other
> protections (except for WiFi) be removed (particularly from the device
> drivers and the framework components? -- also the VNIC file permissions?)

What protections are you referring to exactly? Yes, the VNIC file permissions will no longer apply since there will no longer be a VNIC control device node. There will only be a single /dev/dld. Perhaps /dev/dld should be mentioned in the fast-track, even though it's really an implementation detail.

> "show-wifi" would be very, very useful to have reduced privilege (none?)
> access to.

Totally agreed, and this is part of the motivation for this work. Allowing show-wifi with no privileges is in progress, and involves implementing the WiFi properties as Brussels properties. This work will enable you to do a show-wifi with no privileges, as obtaining properties will not require privileges.

-Seb
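The description-driven, centrally enforced check discussed in this message can be illustrated with a registry in which each ioctl descriptor carries a flag saying whether sys_dl_config is required. This is an added example, not code from dld or from anyone in the thread; every identifier, the command numbers and the `caller_t` credential stand-in are hypothetical.

```c
#include <errno.h>
#include <stddef.h>

/* Hypothetical names and command numbers throughout; not dld's own code. */
#define IOCF_NEED_CONFIG 0x1u   /* caller must hold sys_dl_config */
#define MAX_IOC 16
enum { IOC_SHOW = 1, IOC_SET = 2 };                  /* constructed commands */
typedef struct { int has_sys_dl_config; } caller_t;  /* stand-in for a cred */
typedef struct {
    int cmd;                    /* ioctl command number */
    unsigned flags;             /* IOCF_* requirements declared by the module */
    int (*handler)(void *arg);  /* module-supplied handler */
} ioc_desc_t;
static ioc_desc_t registry[MAX_IOC];
static size_t nreg;

static const ioc_desc_t *ioc_lookup(int cmd)
{
    for (size_t i = 0; i < nreg; i++)
        if (registry[i].cmd == cmd)
            return &registry[i];
    return NULL;
}

/* A module describes each ioctl once, including what it requires. */
int ioc_register(const ioc_desc_t *d)
{
    if (d->handler == NULL || ioc_lookup(d->cmd) != NULL)
        return EINVAL;          /* no handler, or command already claimed */
    if (nreg == MAX_IOC)
        return ENOSPC;
    registry[nreg++] = *d;
    return 0;
}

/* The one place where the privilege decision is made. */
int ioc_dispatch(const caller_t *who, int cmd, void *arg)
{
    const ioc_desc_t *d = ioc_lookup(cmd);
    if (d == NULL)
        return ENOTTY;          /* unregistered ioctl: fail closed */
    if ((d->flags & IOCF_NEED_CONFIG) && !who->has_sys_dl_config)
        return EPERM;           /* refused before the handler runs */
    return d->handler(arg);
}

/* Constructed sample module; the handler counts calls through an int *arg. */
int demo_handler(void *arg) { ++*(int *)arg; return 0; }
const ioc_desc_t sample[] = {
    { IOC_SHOW, 0, demo_handler }, { IOC_SET, IOCF_NEED_CONFIG, demo_handler } };
```

Because handlers never test privileges themselves, a read-only command such as the sample `IOC_SHOW` is reachable by an unprivileged caller simply by registering it without the flag.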
