On Fri, Apr 04, 2008 at 10:50:11PM +0100, Jeremy Harris wrote: > Bart Smaalders wrote: > >If you want auditing and RBAC, figure out a way to do so that doesn't > >place so heavy a tax on every project that wants to deliver on Solaris. > >Rewriting or adding commands to every project is not acceptable - > >and is pointless so long as we don't even fund command line interfaces > >for all the config files Sun has introduced over the years. > > Re auditing: what are the requirements? Would a trap on writes to > config files labeled as subject to audit gather enough information, > or is finer grain required? > > Re RBAC: could ACLs be manipulated to enforce such access control?
ZFS has audit SACL support, but the system doesn't actually honor audit SACLs (i.e., it doesn't audit applicable file events as a result of audit SACLs).
