Darren Reed wrote:
> James Carlson wrote:
>> ...
>>> Some other questions....
>>> What is the rights profile for bridging?
>>>
>>
>> No new rights profile or change to existing profiles is needed. The
>> existing "Network Link Security" and "Network Management" rights
>> profiles include dladm with sufficient privilege (as documented in
>> this project) to allow administration of bridges
>
>
> Will the daemon also be associated with one or both of these?

Why should it be? The daemon should only be started by SMF. While it is possible to write the SMF manifest such that it uses an exec_attr profile rather than explicit credential entries I don't think that is necessary. In fact I'd say that unless the daemon is intended to also be started by a normal user (for something other than debug purposes) then using an RBAC profile in the SMF manifest just encourages users to think they can start the daemon manually (of course the daemon can be coded to check it is actually running under SMF and refuse to start!).

--
Darren J Moffat
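
The two manifest styles contrasted in the reply above, shown as an added illustration that is not part of the original thread or the bridging project's manifest. The service path, profile name and privilege set are hypothetical; the two `exec_method` elements are alternatives, and a real manifest would carry only one of them.

```xml
<!-- Added illustration; daemon path, profile name and privilege set are
     hypothetical, not taken from the bridging project. -->

<!-- Variant A: explicit credential entries in the manifest. SMF applies
     them when it runs the start method; nothing is added to the RBAC
     database, so there is no profile a user could be granted. -->
<exec_method type='method' name='start'
    exec='/usr/lib/example-bridged' timeout_seconds='60'>
  <method_context>
    <method_credential user='root' group='root'
        privileges='basic,net_rawaccess,sys_net_config'/>
  </method_context>
</exec_method>

<!-- Variant B: credentials looked up through an exec_attr profile. The
     profile exists in the RBAC database and could also be assigned to a
     user, who could then run the daemon by hand with pfexec. -->
<exec_method type='method' name='start'
    exec='/usr/lib/example-bridged' timeout_seconds='60'>
  <method_context>
    <method_profile name='Example Bridge Daemon'/>
  </method_context>
</exec_method>
```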
