On Thu, 11 Feb 2010 10:24:22 -0800 Renee Danson Sommerfeld <renee.sommerfeld at sun.com> wrote:
> On Thu, Feb 11, 2010 at 06:16:31PM +0000, Alan Maguire wrote: > > On 11/02/2010 18:06, Renee Danson Sommerfeld wrote: > > >I have a webrev available with the fix for > > > > > >http://defect.opensolaris.org/bz/show_bug.cgi?id=14521 > > > > > >webrev is > > > > > >http://jurassic.sfbay/~okie/webrev.14521/ > > > > > >I've verified that keys can be created in a global zone with this > > >fix; Michael is verifying that nwamd can still start up in a non- > > >global zone now (but the priv I've added does show up in the list > > >of privileges available in a zone, so we expect it to be fine). > > > > > looks fine. Do we also need PRIV_SYS_DL_CONFIG > > (for setting macaddr/linkprops) in non-global zones, > > or is that priv not available there? > > It looks like sys_dl_config is not available in a non-global zone, > based on the list Michael generated in a zone he had configured. > Michael, I assume that was an exclusive-stack zone where you got > the priv list, right? yes and I checked again. Those privs are not available. > > We should check the linkprop setting. Michael, since you have the > zone config, could you give that a try? Yes, I tried to set a mac addr and it failed. OTOH if somebody created the zone and added sys_dl_config to the limit set then we could get it. What you could do is check the zone set and see if it exists and if it does add it to our privset. What we should do is build our requested set and then priv_intersect() it with the (all) zone set. Thats way more clean then the global check and deals with however the user decides to configure the zone. Michael > > Thanks, > renee > _______________________________________________ > nwam-dev mailing list > nwam-dev at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/nwam-dev
