> Solution 3:
> ===========
> Add a new key word, "class" in device_allocate(4) (key words were
> introduced in PSARC/2005/691, but are missing from the current man page
> -- see case directory) to the existing key words to distinguish a class
> of devices. Add a new key word, "xdpy" in device_allocate(4) to the
> existing key words to store an X Display name. Both new key words
> are generic and are not restricted to SunRay operation. SunRay is the
> first identified consumer.
> add_allocatable(1M) and remove_allocatable(1M) are used to update
> device_allocate(4).
From the pre-review, I'm still having trouble with the efficacy
of class and xdpy. I believe I see where class can be used
in deallocate and list_devices to deallocate a "class" of devices
as a single unit and to display for human consumption a class of
devices to identify their status. However, "xdpy" seems to be
"write only". add_allocatable will update the field, however
I don't see how it is possible to use the field outside of
allocate, deallocate, list_devices. There seems to be no public
programming interface to retrieve or filter on its value.
If it is returned by list_devices, the output of list_devices
is Not-An-Interface. None of the library routines for
device_allocate(4) are scoped public.
So why are both "class" and "xdpy" required? How should xdpy
be used?
This seems different from "zone," which I can intuit being used
for internal bookkeeping in allocate/deallocate to identify the
labeled zone where the allocated device nodes reside.
Gary..
>
> device_allocate(4):
> ~~~~~~~~~~~~~~~~~~~~~~
>
> DESCRIPTION
> The device_allocate file contains mandatory access control
> information about each physical device. Each device is
> represented by a one line entry of the form:
>
> ~ device-name;device-type;reserved1;reserved2;auths;device-exec
>
> device-type This is an arbitrary ASCII string naming the
> generic device type. This field identifies
> and groups together devices of like type.
> This field contains no embedded white space
> ~ or non-printable characters. The following
> ~ types of devices are currently managed by the
> ~ system: audio, sr (represents CDROM drives),
> ~ fd (represents floppy drives), st (represents
> ~ tape drives), rmdisk (removable media devices)
>
> ~ reserved1 On systems configured with Trusted Extensions,
> ~ this field stores a colon-separated (:) list
> ~ of key-value pairs that describe device
> ~ allocation attributes used in Trusted
> ~ Extensions. Zero or more keys may be
> ~ specified. The following keys are currently
> ~ interpreted by Trusted Extensions systems:
> ~ minlabel Specifies the minimum label at
> ~ which device can be allocated.
> ~ Default value is admin_low.
> ~ maxlabel Specifies the maximum label at
> ~ which device can be allocated.
> ~ Default value is admin_high.
> ~ zone Specifies the name of the zone
> ~ in which device is currently
> ~ allocated.
> + class Specifies a logical grouping
> + of devices. For e.g., all Sun
> + Ray devices of all device types.
> + There is no default class.
> + xdpy Specifies the X Display name.
> + This is used to identify devices
> + associated with that X session.
> + There is no default xdpy value.
>
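Review bot: the xdpy key added under reserved1 takes an X display name, which normally contains a colon (host:display), while reserved1 is described just above as a colon-separated list of key-value pairs, so an entry carrying xdpy cannot be parsed unambiguously as written. Say how a colon inside a value is quoted or escaped, or restrict the value format. The entry should also name what reads xdpy: class is consumed by the -c options proposed for remove_allocatable, deallocate and list_devices, but no command in this proposal selects on xdpy.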
> add_allocatable(1M):
> ~~~~~~~~~~~~~~~~~~~~~~
>
> OPTIONS
>
> -o key=value Accepts a string of colon-separated
> key=value pairs for a device that is speci-
> fied with -n or with devices of the type
> that is specified with -t. The following
> keys are currently interpreted by the sys-
> tem:
>
> minlabel The minimum label at which the dev-
> ice can be used.
>
> maxlabel The maximum label at which the dev-
> ice can be used.
>
> + class Specifies a logical grouping of
> + devices. For e.g., all SunRay
> + devices of all device types. There
> + no default class specified.
> +
> + xdpy Specifies the X Display name.
> + This is used to identify devices
> + associated with that X session.
> + There is no default xdpy value.
>
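Review bot: in the class entry under -o, "There no default class specified." is missing "is" and differs from the device_allocate(4) wording "There is no default class."; use the same sentence on both pages. The product name is also written "SunRay" here and "Sun Ray" in device_allocate(4); pick one spelling.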
> remove_allocatable(1M):
> ~~~~~~~~~~~~~~~~~~~~~~
>
> SYNOPSIS
> | /usr/sbin/remove_allocatable [-f] [-n name | -c dev-class]
>
> /usr/sbin/remove_allocatable [-f] [-d] -t dev-type
>
> OPTIONS
>
> + -c dev-class Removes devices that belong to dev-class.
>
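Review bot: the -c dev-class entry in OPTIONS does not say what happens when no device carries the given class, which is a likely case since there is no default class. State whether that is an error or a silent no-op, and say in the option text that -c and -n are mutually exclusive, as the synopsis shows.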
> deallocate(1):
> ~~~~~~~~~~~~~~~~~~~~~~
>
> SYNOPSIS
> | deallocate [-s] [-w] [-F] [-z zonename]
> + [-c dev-class | -g dev-type | device]
>
> - deallocate [-s] [-w] [-F] [-z zonename] -g dev-type
>
> deallocate [-s] [-w] [-F] [-z zonename] -I
>
> OPTIONS
> The following options are supported:
>
> + -c dev-class Deallocates all devices of the specified
> + device class.
>
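Review bot: the -c dev-class entry in OPTIONS does not say whose allocations are released: only devices allocated to the invoking user, or every allocated device in the class. If it can release devices held by other users, name the authorization required, the way list_devices(1) does for -U with solaris.device.revoke.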
> list_devices(1):
> ~~~~~~~~~~~~~~~~~~~~~~
>
> SYNOPSIS
> list_devices [-s] [-U uid] [-z zonename] [-a]
> | [-l | -n | -u] [-c dev-class | device]
>
> DESCRIPTION
> The list_devices utility lists the allocatable devices in
> the system according to specified qualifications.
>
> The device and all device special files associated with the
> device are listed. The device argument is optional and, if
> | it is not present, all relevant devices are listed, unless
> + dev-class is present, in which case devices belonging to the
> + specified dev-class are listed. There is no default
> + dev-class.
>
> OPTIONS
> The following options are supported:
>
> | -l [-c dev-class | device]
> Lists the pathname(s) of the device special
> files associated with the device that are
> | allocatable to the current process.
> + If dev-class is given, lists only the files
> + associated with all devices of the specified
> + device class.
> | If device is given, lists only the files
> | associated with the specified device.
>
> | -n [-c dev-class | device]
> Lists the pathname(s) of device special files
> associated with the device that are allocat-
> able to the current process but are not
> | currently allocated.
> + If dev-class is given, lists only the files
> + associated with all devices of the specified
> + device class.
> | If device is given, lists only the files
> | associated with the specified device.
>
> | -u [-c dev-class | device]
> Lists the pathname(s) of device special
> files, associated with the device that are
> allocated to the owner of the current pro-
> | cess.
> + If dev-class is given, lists only the files
> + associated with all devices of the specified
> + device class.
> | If device is given, lists only the files
> | associated with the specified device.
>
> -U uid Uses the user ID uid instead of the real user
> ID of the current process when performing the
> list_devices operation. Only a user with the
> solaris.device.revoke authorization can use
> this option.
>
> -s Silent. Suppresses any diagnostic output.
>
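Review bot: the sentence added under -l, -n and -u ("If dev-class is given, lists only the files associated with all devices of the specified device class.") drops the qualifier each option carries, so it reads as though -c overrides the allocatable, not-currently-allocated or allocated-to-owner filter. Reword it so that -c narrows the option's result, for example "lists only those files that belong to devices of the specified device class".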