Artem Kachitchkine wrote: >> Artem Kachitchkine wrote: >>>> Only a limited set of privilege are needed once the system is booted. >>> Could you please list these privileges here. >>> >> privileges='basic,!file_link_any,sys_mount,file_dac_write,file_chown_self,sys_net_config' > > > "/lib/svc/method/svc-dlmgmtd: /dev/null: cannot create > > /lib/svc/method/svc-dlmgmtd: /dev/msglog: cannot create > > These failures are not from the daemon itself, but from the SMF startup > script,
In the daemon itself, it also needs to open the dld control node and download the door_fd to the kernel in order for the daemon to be ready to accept the door upcalls. That also requires *all* privileges. > which has: > > 47 if /usr/bin/pgrep -x -z global dlmgmtd >/dev/null; then > .. > 52 /sbin/dlmgmtd >/dev/msglog 2>&1 > > What you can do instead, is drop privileges in the daemon itself, using > functions defined in priv.h. Here's an example: > > http://blogs.sun.com/gbrunett/entry/privilege_enabling_set_id_programs1 > I will try to do this in the daemon itself, after the door is ready to be used. Thanks - Cathy > -Artem > _______________________________________________ > networking-discuss mailing list > networking-discuss at opensolaris.org
