Peter Memishian wrote:
> > > In any event, not this project. ;-}
> >
> > I know, but it's an interesting and related discussion nevertheless.
>
> I thought I already commented on this, but now I can't find the response,
> so just for the record: message-level DLPI privilege checks are unworkable
> unless the DR model is redesigned. As it stands, having an open DLPI
> stream to a PPA will hold the associated hardware hostage and prevent DR.
>
>
My response to this is, that is a "feature" of DR. There are other
kinds of devices (not just NICs) that allow user-level attachment that
can hold DR hostage. Some kinds of storage devices, audio devices,
cryptography controllers, etc. all have varying degrees to which
unprivileged users are able to create references against the hardware
which would prevent their removal.
(True, the problem is probably worse in the face of NIC devices.) I
still think that handling this at the point of libdladm is the best way
to provide reduced privilege access to certain fields/attributes, even
though it's not portable. (And notably, applications which want to be
portable to Solaris 8/9 and use DLPI have to accept that root privilege
is required to run them, typically.)
- Garrett