Darren J Moffat wrote: > Darren Reed wrote: > >> Darren J Moffat wrote: >> >>> Darren Reed wrote: >>> >>>> In /etc/security/device_policy, a list of devices can be found, >>>> along with privilege requirements for certain operations. >>>> >>>> This file is not documented in any man pages, so I'm guessing >>>> about what its actual purpose and role is, aside from being >>>> updated by devfsadm, et al. >>> >>> >>> >>> It is documented in add_drv(1m) >>> >>> See the description of -p in the add_drv(1m) man page. The >>> add_drv(1m) command is how admins update the device_policy database. >> >> >> >> Should drivers that do an add_drv or similar in postinstall be >> updating this file, in keeping with what other devices do? >> >> SUNWnge installed an nge driver for my Ultra20 desktop >> but nothing was added to device_policy - the postinstall in >> pkgdefs/SUNWnge confirms this to be the case. >> Smells like a bug to me... > > > What are the permissions on /dev/nge ? > > If it is 666 then it is likely least priv aware and should > have a device_policy entry. If it is root 600 then it is "old style" > and thus relies on device permissions likely and so doesn't have a > device_policy entry.
/devices/pseudo/clone at 0:nge is 666 and "cat /dev/nge" fails with net_rawaccess being denied but device_policy has nothing for it. Darren
