James Carlson wrote:
> Glenn Faden writes:
>> The policy for how to handle such media is specified in the device_clean
>> script. Customers are free to write their own customized scripts since
>> the interface is stable. In particular, the SRSS 4.0 release includes
>> Sun Ray-specific device_clean scripts. In the case of hot-plugged USB
>> devices they never create a device node in any labeled zone. If the
>> device isn't recognized as mountable, the allocation is denied.
>
> I see.
>
> In that case, it makes a lot more sense to me that we'd simply have a
> way of saying that the policy is "no device nodes in the zone,"
> regardless of the outcome of the mount attempt. Having a fallback
> position of mount-point-only first and then raw-device if that fails
> seems like a mistake. It doesn't seem to represent any useful policy.
>
> Yes, I understand that this is ancient policy and not really part of
> this case. The part that's in this case, though, is the strange use
> of an "alternate success" exit value.

That is necessary in case someone wants to implement a policy in their device_clean script that gives the user the option of mounting any mountable filesystems on the device or making device nodes available in a local zone.

The issue of being able to panic the system due to garbage on the device causing the kernel fs code to puke isn't really related to device allocation and TX specifically - someone could take a USB memory stick to another system (say, a PC or a Mac or a non-TX system, etc...), write garbage on it, and then plug it into a TX system, where our wonderfully (non)-robust filesystem code will toss its cookies when the device is mounted.

The latter is a separate issue and speaks more towards our lack of resourcing to fix the myriad of pcfs bugs. Hopefully with OpenSolaris we'll be able to get some people not on Sun's payroll to fix pcfs.

mike
