Shawn Walker wrote:
> 
> If that's the way it is, then so be it, but I do wish there was a "better 
> way."
> 

It sounds like the only way is to resolve all the profiles down to
their finest granularity, and create an app-specific list of 
known required capabilities to complete the operation.

As a shortcut, you could start with a profile you know works
and explode that to a list of atomic capabilities.  That allows
the profile names to change, and it allows derived profiles
to also work.

If you do the expansion statically, then it doesn't protect you 
if a new low-level capability is added, and then one of your 
app components is updated to require the new capability.

If you expand a known profile dynamically and make sure your
existing capabilities have at least the same ops, then it
should work.

Note:  I know zip about RBAC on Solaris.  But this sounds like
a generic software interface dependency problem.

Feel free to steer this to some other alias and CC: me, if you want.


> Thanks a lot for the feedback!
> 

_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
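
An added example, not part of the original message: a sketch of the dynamic expansion described in the reply above, compared with a static snapshot that misses a capability added later. The profile names, capability names and dictionary layout are constructed for illustration and are not the Solaris RBAC database format.

```python
# Constructed data: profile -> (atomic capabilities, included sub-profiles).
# All names are hypothetical; this is not the Solaris RBAC database format.
PROFILES = {
    "Basic File Ops": ({"fs.read"}, []),
    "Software Installation": ({"pkg.install", "fs.write"}, ["Basic File Ops"]),
    "Site Admin": ({"net.config"}, ["Software Installation"]),
    "Legacy Installer": ({"pkg.install", "fs.write", "fs.read"}, []),
}

def expand(profile, db, _seen=None):
    """Resolve a profile to atomic capabilities, following sub-profiles."""
    seen = set() if _seen is None else _seen
    if profile in seen:          # guard against profiles that include each other
        return set()
    seen.add(profile)
    caps, subs = db.get(profile, (set(), []))   # unknown profile grants nothing
    result = set(caps)
    for sub in subs:
        result |= expand(sub, db, seen)
    return result

def missing_caps(user_profiles, reference, db):
    """Capabilities the known-good reference profile has that the user lacks."""
    if reference not in db:      # fail closed: a missing reference is an error
        raise KeyError(reference)
    held = set()
    for p in user_profiles:
        held |= expand(p, db)
    return expand(reference, db) - held

def static_vs_dynamic():
    """Show the gap: a snapshot taken at build time misses a later capability."""
    snapshot = frozenset(expand("Software Installation", PROFILES))  # static list
    # Later, a new low-level capability is added to the reference profile.
    updated = dict(PROFILES)
    updated["Software Installation"] = (
        {"pkg.install", "fs.write", "pkg.verify"}, ["Basic File Ops"])
    held = expand("Legacy Installer", updated)
    static_missing = set(snapshot) - held
    dynamic_missing = missing_caps(["Legacy Installer"], "Software Installation", updated)
    return static_missing, dynamic_missing

if __name__ == "__main__":
    print(missing_caps(["Site Admin"], "Software Installation", PROFILES))
    print(static_vs_dynamic())
```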
