Hello Darren,

Wednesday, April 1, 2009, 2:47:31 PM, you wrote:

DJM> Robert Milkowski wrote:
>> It would also require adjustment of setppriv() at 
>> http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/syscall/ppriv.c#57
>> 
>> and perhaps somewhere else.
>> 
>> But right now I'm more asking about why L can't be allowed to grow (when E 
>> is a full set or when new L' is a subset of E set of calling process) rather 
>> than implementing anything.

DJM> If L could grow it wouldn't be L it would be P.  The reason L can only
DJM> be reduced is fundamental to how the privilege system works and what 
DJM> makes it safe - particularly for zones.

DJM> Please give a very specific example of what it is you are trying to do.

You have a zone with a default limitpriv set and you want to give a
user with a zone ability to use snoop. He would need net_rawaccess.
How can I do it *without* zone restart?

Or you want to enable dtrace inside a zone without zone restart...

-- 
Best regards,
 Robert Milkowski
                                       http://milek.blogspot.com

_______________________________________________
opensolaris-code mailing list
opensolaris-code@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
