Sebastien Roy wrote: > I'm sponsoring this case for Cathy Zhou. I've marked the case closed > approved automatic, as the interfaces being modified are private, and > the changes are minor and fairly obvious. > > > 1 Introduction > ============== > > This case proposes two changes related to the dlmgmtd daemon: > > 1) Change the dlmgmtd daemon to be run by the "dladm" user. > > 2) Create a /etc/svc/volatile/dladm directory and change the > dlmgmtd door file location from /etc/.dlmgmt_door to > /etc/svc/volatile/dladm/dlmgmt_door. Remove the > /etc/.dlmgmt_door file from the SUNWcsr package.
Doing this means that dlmgmtd will need to start up with all privileges so that it can write to /etc/svc/volatile to create the dladm subdir, it can then drop the privileges what it doesn't need. However this complicates the cleanup of the door file on exit. [I've been through this with kcfd because it has a similar issue]. Unless there is a real need for this to be on tmpfs I would recommend putting the door file in /etc/dladm/ since that is already owned and writtable by the dladm user. This should mean that dlmgmtd could be started by SMF as the dladm user with only the privs it needs. Note that I'm not suggesting the door file be packaged - it shouldn't be it is a Project Private communication channel. As a side note I've looked at the current privilege code for dlmgtd and it needs a little work as it isn't safe for extensions to the basic set - contact me or Casper offline for what needs to be done here. -- Darren J Moffat
