> Artem Kachitchkine wrote: >>> Only a limited set of privilege are needed once the system is booted. >> Could you please list these privileges here. >> > privileges='basic,!file_link_any,sys_mount,file_dac_write,file_chown_self,sys_net_config'
> "/lib/svc/method/svc-dlmgmtd: /dev/null: cannot create > /lib/svc/method/svc-dlmgmtd: /dev/msglog: cannot create These failures are not from the daemon itself, but from the SMF startup script, which has: 47 if /usr/bin/pgrep -x -z global dlmgmtd >/dev/null; then .. 52 /sbin/dlmgmtd >/dev/msglog 2>&1 What you can do instead, is drop privileges in the daemon itself, using functions defined in priv.h. Here's an example: http://blogs.sun.com/gbrunett/entry/privilege_enabling_set_id_programs1 -Artem
