>Hello Darren,
>
>Wednesday, April 1, 2009, 2:47:31 PM, you wrote:
>
>DJM> Robert Milkowski wrote:
>>> It would also require adjustment of setppriv() at
>>> http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/syscall/ppriv.c#57
>>>
>>> and perhaps somewhere else.
>>>
>>> But right now I'm more asking about why L can't be allowed to grow (when E
>>> is a full set or when new L' is a subset of E set of calling process) rather than implementing anything.
>
>DJM> If L could grow it wouldn't be L it would be P. The reason L can only
>DJM> be reduced is fundamental to how the privilege system works and what
>DJM> makes it safe - particularly for zones.
>
>DJM> Please give a very specific example of what it is you are trying to do.
>
>You have a zone with a default limitpriv set and you want to give a
>user with a zone ability to use snoop. He would need net_rawaccess.
>How can I do it *without* zone restart?
>
>Or you want to enable dtrace inside a zone without zone restart...

And he needs the device and possibly also an "exclusive IP stack".

Casper