On Wed 12 Nov 2008 at 09:51AM, Darren J Moffat wrote:
> The only change I would suggest is that you also remove the following
> basic privs that a read_only depotd really shouldn't need:
>
> file_link_any
> proc_session
> proc_info
Darren-- so 'basic' is presently made up of:
file_link_any
proc_exec
proc_fork
proc_info
proc_session
Is it more correct to express this as
basic,-file_link_any,-proc_exec,-proc_fork,-proc_info,-proc_session
Or just not bother to grant 'basic' at all?
-dp
--
Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
