Casper.Dik at Sun.COM writes:
> Project Synopsis: Enabling finer grained access control in OpenSolaris
[...]
> The current Solaris privilege model does not allow one
> to express policy requirements such as "only allow
> binding to port 80/tcp", "only allow read access to
> file <<foo>>" or "only allow write access under $HOME/.mozilla"
> for a particular process or set of processes.

A big +1 from me. While you're doing that, though, please consider
locating and ripping out the various half-way schemes that have been
implemented in lieu of such a policy.

-- 
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677