--On Tuesday, February 03, 2009 10:05:31 AM +0000 Darren J Moffat <darrenm at opensolaris.org> wrote:
> Based on your description of what you are trying to do I think you want
> an ACL based system for some of this rather than privileges.

I think he's thinking of an ACL-based system with a privilege that allows
defeating the ACL.

> Depending on the exact needs of the firewall rules case there could be a
> use for a PAGs (see the recent thread that Nico Williams started)
> approach to rules. For example the rules to open up a given port are
> only valid while there are processes left in the PAG that added the
> rules, once they are all gone the rules should be automatically reaped.

That sounds like a really good idea.

-- Jeff