Darren Reed wrote: > Darren J Moffat wrote: > >> Darren Reed wrote: >> >>> In /etc/security/device_policy, a list of devices can be found, >>> along with privilege requirements for certain operations. >>> >>> This file is not documented in any man pages, so I'm guessing >>> about what its actual purpose and role is, aside from being >>> updated by devfsadm, et al. >> >> >> It is documented in add_drv(1m) >> >> See the description of -p in the add_drv(1m) man page. The >> add_drv(1m) command is how admins update the device_policy database. > > > Should drivers that do an add_drv or similar in postinstall be > updating this file, in keeping with what other devices do? > > SUNWnge installed an nge driver for my Ultra20 desktop > but nothing was added to device_policy - the postinstall in > pkgdefs/SUNWnge confirms this to be the case. > Smells like a bug to me...
What are the permissions on /dev/nge ? If it is 666 then it is likely least priv aware and should have a device_policy entry. If it is root 600 then it is "old style" and thus relies on device permissions likely and so doesn't have a device_policy entry. For example /dev/ipf is 0666 root:sys but you need the privs listed in the device_policy to open it (sys_net_config for both read and write). -- Darren J Moffat
