Artem Kachitchkine wrote:
> 
> dlmgmtd does not appear to use least privilege (either via SMF or by explicitly 
> dropping unneeded privileges). Or does it in fact require all privileges?
> 
> -Artem

I looked into this, and here is what I found:

Because of the needs of the service dependencies, the dlmgmtd daemon starts 
at a very early stage during boot. In particular, it starts before the 
system/filesystem/root service, which runs "devfsadm -I -P" to load the 
device_policy down to the kernel.

It means that at the time when the dlmgmtd daemon is started, all /dev device 
nodes can only be opened with the *full* privileges. A test shows that the 
service failed because:

        "/lib/svc/method/svc-dlmgmtd: /dev/null: cannot create
        /lib/svc/method/svc-dlmgmtd: /dev/msglog: cannot create
        [ Oct  4 16:22:36 Method "start" exited with status 1 ]"

Does anyone on this alias have an idea how to solve this issue?

Thanks
- Cathy



