>On Mon, Jul 06, 2009 at 10:17:39PM +0200, Casper.Dik at Sun.COM wrote: >> >> >> >hey casper, >> > >> >fyi, this is not how zones works. zones starts with the empty set and >> >then adds privs. please see the brand config.xml files for where this >> >is defined. you'll need to upate these files with these new privileges. >> >(and feel free to file an RFE against zones to start with the basic set >> >and then add or remove privs as necessary.) >> >> >> I looked through the code and it appears that the code tries to always >> adds "basic" to the 'default' set. >> >> It appears, then, that adding stuff the "basic" will just work except >> when you configure a zone without specifying "default" for limitpriv. >> > >oops. your right. i was confusing this with the need to update these >config files with new non-basic privs that are required for correct >system operation.
Still, I think we should need to add an option to add "basic,!needed" to the "required set" for a particular "brand". Casper
