> > A list of available BEs will also be provied in the GUI. If users > > select a BE which is different from the default one, the restart > > dialog will ask ConsoleKit to reboot into the selected BE. > > ConsoleKit > > will check solaris.system.shutdown to identify if the user has > > enough > > privilege. If so, ConsoleKit will use "bootadm set-menu default=n" > > to update the default BE and then do a reboot. > > > This part concerns me a little. It is quite a different policy decision > to be able to reboot the existing BE than to change the default one.
This is because bootadm is used to set default boot entry and I think it does not support set default boot entry temporarily. I CCed Vikram, the developer of bootadm. > Yes the user could just select the alternate one from the GRUB menu in > most cases. However I'd prefer to see an additional authorisation added > for this check, it can be in the default set provided by the "Console > User" property. I suggest something like "solaris.system.bootadm". > This is similar to how suspend/resume has been dealt with. > If I want to add "solaris.system.bootadm", what should I do and in which module it should be put in? Regards, Jedy
