Sebastien Roy wrote:
> On Tue, 2008-07-22 at 13:38 -0700, Garrett D'Amore wrote:
>
>> James Carlson wrote:
>>
>>> Sebastien Roy writes:
>>>
>>>
>>>> This case does propose to relax the requirement for WiFi ioctls from
>>>> sys_net_config to the new sys_dl_config privilege in order to be
>>>> in-line with other GLDv3 datalink administration ioctls. The
>>>> net_rawaccess privilege will still be required for WiFi operations,
>>>> however, since libdladm.so still has to open /dev/net DLPI nodes in
>>>> order to issue WiFi ioctls.
>>>>
>>>>
>>> This all looks good. One note: the excess privilege needed to open
>>> DLPI nodes affects other things as well. There are applications that
>>> would like to read out the interface MAC addresses but currently
>>> cannot do so because it requires privilege. It's not part of this
>>> project, but we probably have to address that one-privilege-for-all-
>>> access scheme for DLPI at some point in the future.
>>>
>>>
>> To my mind, the fix for this belongs in libdlpi or libdladm. Folks
>> using DLPI directly would probably be doing so primarily for
>> portability, and the ability to access DLPI as anything other than root
>> is not portable.
>>
>
> One easy way to address the MAC address issue specifically is to make
> the MAC address a Brussels property. It would then be easily obtained
> through libdladm or via the dladm command line with no privileges.
>
Yes, that would be a natural solution.
- Garrett
> -Seb
>
>
> _______________________________________________
> nwam-discuss mailing list
> nwam-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/nwam-discuss
>
