[vconsole-discuss] Re: [smf-discuss] SMF service policy of virtual console review
David Bustos wrote: > Quoth Riny Qian on Thu, Jun 21, 2007 at 03:04:43PM +0800: >> David Bustos wrote: >>> Quoth Riny Qian on Wed, Jun 20, 2007 at 11:16:44AM +0800: >>> > How many instances will you deliver? How will you disable them in > nonglobal zones? Six instances will be delivered by default, one (default) is for the system console, and the other five (vt2 to vt6) are for virtual consoles. >>> Did you consider delivering an instance for each virtual terminal? >> I assume you meant to add other more instances beyond default six >> instances, then yes, users can do it via svccfg(1M). > > No, I mean vt2 to vt23 or however many virtual terminals there will be. > Then the administrator can start a ttymon by using svcadm, rather than > having to create an instance with svccfg. In most cases, six instances are enough, so we don't plan to provide more. More over, most users are used to six text console sessions and the seventh graphical X session. And there's no limitation on virtual console (aka virtual terminal) number (as long as the minor node allows). thanks, Riny
[vconsole-discuss] Re: [smf-discuss] SMF service policy of virtual console review
David Bustos wrote: > Quoth Riny Qian on Wed, Jun 20, 2007 at 11:16:44AM +0800: > >>> How many instances will you deliver? How will you disable them in >>> nonglobal zones? >> Six instances will be delivered by default, one (default) is for the >> system console, and the other five (vt2 to vt6) are for virtual >> consoles. > > Did you consider delivering an instance for each virtual terminal? I assume you meant to add other more instances beyond default six instances, then yes, users can do it via svccfg(1M). thanks, Riny
[vconsole-discuss] Re: [smf-discuss] SMF service policy of virtual console review
Quoth Riny Qian on Thu, Jun 21, 2007 at 03:04:43PM +0800: > David Bustos wrote: > >Quoth Riny Qian on Wed, Jun 20, 2007 at 11:16:44AM +0800: > > > >>>How many instances will you deliver? How will you disable them in > >>>nonglobal zones? > >>Six instances will be delivered by default, one (default) is for the > >>system console, and the other five (vt2 to vt6) are for virtual > >>consoles. > > > >Did you consider delivering an instance for each virtual terminal? > > I assume you meant to add other more instances beyond default six > instances, then yes, users can do it via svccfg(1M). No, I mean vt2 to vt23 or however many virtual terminals there will be. Then the administrator can start a ttymon by using svcadm, rather than having to create an instance with svccfg. David
[vconsole-discuss] Re: [smf-discuss] SMF service policy of virtual console review
Quoth Riny Qian on Wed, Jun 20, 2007 at 11:16:44AM +0800: > David Bustos wrote: > >Quoth Riny Qian on Mon, Jun 18, 2007 at 12:41:00PM +0800: > >>1. svc:/system/console-login > >> > >>This SMF service serves for all console logins, including virtual > >>console logins. The default instance is used for the system > >>console, and other instances (vt2 to vt6) are used for virtual > >>consoles. > > > >If you're going to use "vt", then you should refer to them as virtual > >terminals, not virtual consoles. > > Here we name the instance name to vt# because we keep consistency with > /dev/vt/# name space, VT_xxx ioctl interfaces, vt(7I), vtdaemon and so > on. > > For documentation, actually virtual terminal is equivalent to virtual > console in this project, and it's also mentioned in the manpages. We > prefer virtual console in the documentation because it sounds like more > precise and accurate. Accurate how? When programs write to the console, does the output show up on all virtual consoles? If not, I don't think they deserve the name "console" if we're giving them the name "terminal" elsewhere. Please just use "virtual terminal". ... > >>o The default instance is delivered enabled since it's needed > >> in seed repository. Other instances for virtual consoles are > >> delivered disabled, and are enabled in generic_limited_net.xml > >> profile and generic_open.xml, and are disabled when they're > >> in non-global zones or when the virtual console functionality > >> is not available. > > > >How many instances will you deliver? How will you disable them in > >nonglobal zones? > > Six instances will be delivered by default, one (default) is for the > system console, and the other five (vt2 to vt6) are for virtual > consoles. Did you consider delivering an instance for each virtual terminal? > The other five virtual console instances will be disabled via > svcadm in the service start method (console-login) when it detects > it's in nonglobal zone via smf_is_nonglobalzone. Ok. ... > >>2. svc:/system/vtdaemon:default > >> > >>This SMF service serves for secure switch between all virtual > >>consoles including the system console . > >> > >>The SMF manifest delivers as: > >>/var/svc/manifest/system/vtdaemon.xml > >>And the method delivers as: > >>/lib/svc/method/vtdaemon > > > >Is vtdaemon a script? If not, then you should deliver it elsewhere. > > Yes, it's a script, just like above console-login. Ok. David
[vconsole-discuss] Re: [smf-discuss] SMF service policy of virtual console review
David Bustos wrote: > Quoth Riny Qian on Mon, Jun 18, 2007 at 12:41:00PM +0800: >> 1. svc:/system/console-login >> >> This SMF service serves for all console logins, including virtual >> console logins. The default instance is used for the system >> console, and other instances (vt2 to vt6) are used for virtual >> consoles. > > If you're going to use "vt", then you should refer to them as virtual > terminals, not virtual consoles. Here we name the instance name to vt# because we keep consistency with /dev/vt/# name space, VT_xxx ioctl interfaces, vt(7I), vtdaemon and so on. For documentation, actually virtual terminal is equivalent to virtual console in this project, and it's also mentioned in the manpages. We prefer virtual console in the documentation because it sounds like more precise and accurate. > >> The SMF manifest delivers as: >> /var/svc/manifest/system/console-login.xml >> And the method delivers as: >> /lib/svc/method/console-login >> >> To meet the SMF policy, this service is delivered as follows: >> >> o The default instance is delivered enabled since it's needed >> in seed repository. Other instances for virtual consoles are >> delivered disabled, and are enabled in generic_limited_net.xml >> profile and generic_open.xml, and are disabled when they're >> in non-global zones or when the virtual console functionality >> is not available. > > How many instances will you deliver? How will you disable them in > nonglobal zones? Six instances will be delivered by default, one (default) is for the system console, and the other five (vt2 to vt6) are for virtual consoles. The other five virtual console instances will be disabled via svcadm in the service start method (console-login) when it detects it's in nonglobal zone via smf_is_nonglobalzone. > >> o The service is managed using the action_authorization >> "solaris.smf.manage.vt" which is included in the Device Security >> Rights Profile. >> >> o The service is local only and has no inbound network ports. >> >> o The service properties are managed using the value_authorization >> "solaris.smf.value.vt". >> >> o The service implements ttymon(1M) and login(1), which are >> in nature requires full privileges, and the following >> method context is used for this service: >> >> >> >> >> >> >> 2. svc:/system/vtdaemon:default >> >> This SMF service serves for secure switch between all virtual >> consoles including the system console . >> >> The SMF manifest delivers as: >> /var/svc/manifest/system/vtdaemon.xml >> And the method delivers as: >> /lib/svc/method/vtdaemon > > Is vtdaemon a script? If not, then you should deliver it elsewhere. Yes, it's a script, just like above console-login. thanks, Riny
[vconsole-discuss] Re: [smf-discuss] SMF service policy of virtual console review
Gary Winiger wrote: > Riny, > >> o The service implements project private /usr/sbin/vtdaemon, > > Nit. If this isn't intended to be directly executed by admins, > and only as a service, /usr/lib/ is a better location. Right. It should be under /usr/lib/. > > I don't recall if this has finished ARC review, if not, > I'd suggest /usr/lib. Not yet, though we'll go to ARC for commitment review soon. thanks, Riny
[vconsole-discuss] Re: [smf-discuss] SMF service policy of virtual console review
Quoth Riny Qian on Mon, Jun 18, 2007 at 12:41:00PM +0800: > 1. svc:/system/console-login > > This SMF service serves for all console logins, including virtual > console logins. The default instance is used for the system > console, and other instances (vt2 to vt6) are used for virtual > consoles. If you're going to use "vt", then you should refer to them as virtual terminals, not virtual consoles. > The SMF manifest delivers as: > /var/svc/manifest/system/console-login.xml > And the method delivers as: > /lib/svc/method/console-login > > To meet the SMF policy, this service is delivered as follows: > > o The default instance is delivered enabled since it's needed > in seed repository. Other instances for virtual consoles are > delivered disabled, and are enabled in generic_limited_net.xml > profile and generic_open.xml, and are disabled when they're > in non-global zones or when the virtual console functionality > is not available. How many instances will you deliver? How will you disable them in nonglobal zones? > o The service is managed using the action_authorization > "solaris.smf.manage.vt" which is included in the Device Security > Rights Profile. > > o The service is local only and has no inbound network ports. > > o The service properties are managed using the value_authorization > "solaris.smf.value.vt". > > o The service implements ttymon(1M) and login(1), which are > in nature requires full privileges, and the following > method context is used for this service: > > > > > > > 2. svc:/system/vtdaemon:default > > This SMF service serves for secure switch between all virtual > consoles including the system console . > > The SMF manifest delivers as: > /var/svc/manifest/system/vtdaemon.xml > And the method delivers as: > /lib/svc/method/vtdaemon Is vtdaemon a script? If not, then you should deliver it elsewhere. David
[vconsole-discuss] Re: [smf-discuss] SMF service policy of virtual console review
Riny, > o The service implements project private /usr/sbin/vtdaemon, Nit. If this isn't intended to be directly executed by admins, and only as a service, /usr/lib/ is a better location. I don't recall if this has finished ARC review, if not, I'd suggest /usr/lib. Gary..
