On Tue, 2008-07-22 at 13:38 -0700, Garrett D'Amore wrote: > James Carlson wrote: > > Sebastien Roy writes: > > > >> This case does propose to relax the requirement for WiFi ioctls from > >> sys_net_config to the new sys_dl_config privilege in order to be > >> in-line with other GLDv3 datalink administration ioctls. The > >> net_rawaccess privilege will still be required for WiFi operations, > >> however, since libdladm.so still has to open /dev/net DLPI nodes in > >> order to issue WiFi ioctls. > >> > > > > This all looks good. One note: the excess privilege needed to open > > DLPI nodes affects other things as well. There are applications that > > would like to read out the interface MAC addresses but currently > > cannot do so because it requires privilege. It's not part of this > > project, but we probably have to address that one-privilege-for-all- > > access scheme for DLPI at some point in the future. > > > > To my mind, the fix for this belongs in libdlpi or libdladm. Folks > using DLPI directly would probably be doing so primarily for > portability, and the ability to access DLPI as anything other than root > is not portable.
One easy way to address the MAC address issue specifically is to make the MAC address a Brussels property. It would then be easily obtained through libdladm or via the dladm command line with no privileges. -Seb
