I'm sponsoring this closed approved automatic case for
myself. If anyone feels this needs to be a fasttrack,
I'm happy to change it.
Thanks,
Jerry
Template Version: @(#)sac_nextcase 1.70 03/30/10 SMI
This information is Copyright (c) 2010, Oracle and/or its affiliates. All
rights reserved.
1. Introduction
1.1. Project/Component Working Name:
PRIV_SYS_RES_BIND privilege
1.2. Name of Document Author/Supplier:
Author: Gerald Jelinek
1.3 Date of This Document:
19 May, 2010
4. Technical Description
On some hardware platforms it is necessary to control the binding of
processes to processor sets so that acceptable performance can be achieved.
Within a zone, it is not possible to do this binding, which is controlled
by the PRIV_SYS_RES_CONFIG privilege (see privileges(5)). This privilege
cannot be assigned to a zone since it controls too many other capabilities
which are unsafe within a zone. We will create a new privilege
PRIV_SYS_RES_BIND which allows a process to bind processes to processor sets.
This privilege can be assigned to a zone, although it will not be assigned
by default. This new privilege is a subset of PRIV_SYS_RES_CONFIG, so
only having PRIV_SYS_RES_CONFIG will still allow a process to bind processes
to processor sets.
Requesting patch binding, although there are no current plans to backport
this to S10.
Interface Table
PRIV_SYS_RES_BIND Committed
PSARC/2002/188 Least Privilege for Solaris
defined the privilege constants as Stable using the old taxonomy.
6. Resources and Schedule
6.4. Steering Committee requested information
6.4.1. Consolidation C-team Name:
ON
6.5. ARC review type: Automatic
6.6. ARC Exposure: open
_______________________________________________
opensolaris-arc mailing list
[email protected]
