> > I thought I already commented on this, but now I can't find the response, > > so just for the record: message-level DLPI privilege checks are unworkable > > unless the DR model is redesigned. As it stands, having an open DLPI > > stream to a PPA will hold the associated hardware hostage and prevent DR. > > My response to this is, that is a "feature" of DR. There are other > kinds of devices (not just NICs) that allow user-level attachment that > can hold DR hostage. Some kinds of storage devices, audio devices, > cryptography controllers, etc. all have varying degrees to which > unprivileged users are able to create references against the hardware > which would prevent their removal.
I don't regard that as acceptable. -- meem
