On Wed, 2008-07-23 at 11:18 +0100, Darren J Moffat wrote:
> Sebastien Roy wrote:
> > 3. Proposed Architectural Changes
> >
> > This case proposes a new sys_dl_config privilege that is a subset of
> > the existing sys_net_config privilege. This privilege will be
> > required to make modifications to datalink configuration, but will
> > not be required to read datalink configuration.
>
> Does this mean that either sys_net_config or sys_dl_config will be
> sufficient ?

Yes, either will be sufficient.

> If it doesn't then there will likely be updates to the dladm entries in
> exec_attr required.

I've changed those entries anyway to include sys_dl_config instead of
sys_net_config as sys_net_config is now overkill for dladm. I've also
removed all GLDv3 control device entries from /etc/security/device_policy
because (1) aggr, vnic, and dld, are replaced with a single dld control
device, and (2) no privileges are required to open the new /dev/dld
control device.

-Seb
