> privileges='basic,!file_link_any,sys_mount,file_dac_write,file_chown_self,sys_net_config'
>
> In the daemon itself, it also needs to open the dld control node and
> download the door_fd to the kernel in order for the daemon to be ready to
> accept the door upcalls. That also requires *all* privileges.

I'm still a little skeptical about that. Very few things in the kernel require a full privilege set: just grep uts/common/os/policy.c for PRIV_ALL|PRIV_FULLSET; it's used for key things like zone creation, modload, stuff that can lead to privilege escalation...

Most device-related code calls drv_priv(9F), which used to require euid==0 but now requires the sys_devices privilege.

If you need to override file permissions, only file_dac_write is required, unless the file belongs to uid 0 and you're euid != 0.

> I will try to do this in the daemon itself, after the door is ready to be
> used.

That's pretty normal: do initialization with extra privileges and drop them for the rest of the daemon's life cycle.

-Artem
