Nicolas Williams wrote: > Is there a stable DTrace interface to get at a contract's decorations? There are many possible consumers of these new terms. DTrace is only one such consumer, and can be designed separately from this case and in parallel with other consumers.
> > The problem with inheritting the FMRI from the contract's parent > contract is that login sessions' contracts (which are created primarily > to be distinct from that of the service that performed the login) and > sub-contracts will have an FMRI that is not necessarily useful -- the > FMRI decoration will only be useful in conjunction with a bit indicating > whether the FMRI was inheritted. process(4) man page diff has code example to check if the "Service FMRI" was inherited or not. > > And if you wanted to you could make the privilege work sligthly > differently: rather than use the privilege to authorize the contract > identity set operation the kernel could simply set a one-bit decoration > value indicating whether the contract creator had that privilege. The "Creator Auxiliary" field was designed to permit an unprivileged contract creator to tag the contract. Antonello
