It seems that we need to provide a per-device policy instead of
per-driver policy.
What you're seeing with add_drv is an architecture that allows
different drivers to specify different policies even though they may
be part of the same subsystem in Solaris.
Your question therefore, to me, sounds like you want to exempt
networking drivers from part of the general security architecture
in Solaris, correct?
Yes. What is in my mind is not mature yet. But I am thinking that we will at
least not encourage people to specify the per-driver policy for *network*
devices, maybe by ignoring whatever is assigned to the network driver. But instead
only apply the default policy.
Whilst advances in Solaris may now mean that we need to be able to
specify the policy on a per-link or per-device basis for it to make
more sense, that is an enhancement for the future.
Yes. I agree.
- Cathy
_______________________________________________
networking-discuss mailing list