This seems like a good idea, but out of curiosity, is there a specific motivation here?
- Garrett

Casper Dik wrote:
> Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
> This information is Copyright 2009 Sun Microsystems
> 1. Introduction
> 1.1. Project/Component Working Name:
> Basic Network Privilege
> 1.2. Name of Document Author/Supplier:
> Author: Casper Dik
> 1.3 Date of This Document:
> 22 December, 2009
> 4. Technical Description
> I'm sponsoring this fasttrack for myself.
>
> This project proposes one new "basic" privilege.
>
> NET_ACCESS
> Allows a process to open a network connection.
>
> The purpose of this privilege is the ability to create a process
> confined to the current system.
>
> The NET_ACCESS basic privilege is required for opening any IP endpoint
> (socket(), t_open()) except those which already require a different
> privilege, e.g., raw sockets.
>
> Note: a "basic" privilege is a privilege which is part of the
> default I, P and E privilege set. Basic privileges should never be
> removed from I, P and E unless it is known that the specific privilege
> is not used in the application.
>
> Requested binding: patch/minor
>
>
> There is no need to update the socket(3*) and t_open(3nsl) manual pages
> as both calls already cater for a permission error.
>
> --- privileges.5 Mon Dec 21 11:46:34 2009 > +++ privileges.5.new Mon Dec 21 11:53:27 2009 > @@ -180,6 +180,9 @@ > remove, change ownership of, or change permission bits of the > Message Queue, Semaphore Set, or Shared Memory Segment. > > + PRIV_NET_ACCESS > + Allows a process to open a network connection. > + > PRIV_NET_BINDMLP > Allow a process to bind to a port that is configured as a > multi-level port (MLP) for the process's zone. This privilege
>
> 6. Resources and Schedule
> 6.4. Steering Committee requested information
> 6.4.1. Consolidation C-team Name:
> osnet
> 6.5. ARC review type: FastTrack
> 6.6. ARC Exposure: open
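
Review bot: The added PRIV_NET_ACCESS entry in privileges.5 says only "Allows a process to open a network connection", which is vaguer in scope than the proposal text quoted above it: it does not say that this is a basic privilege, that it gates opening any IP endpoint via socket() and t_open(), or that endpoints which already require a different privilege (raw sockets) are excluded. Since removing this privilege is how a process is meant to be confined to the current system, the entry should state those three points so an administrator can tell what dropping it does and does not block. Minor style point in the same entry: it uses "Allows" where the following PRIV_NET_BINDMLP entry uses "Allow"; match the neighbouring entries.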