Darren J Moffat writes: > I think the relevant functions in libdlpi should in their man page > document what privilege they need and they should cross reference to > privileges(5). It isn't the library as a whole but the individual > functions.
The problem is that it's not the library itself that needs these privileges, but the things underneath that the library accesses. That makes the message awkward at best: "The calling application must have sufficient privilege (see privileges(5)) to access the underlying driver node and, where applicable, the individual functions implemented by that driver. Since there are no common security standards that apply universally to all network drivers, you must consult the documentation for the driver you're trying to use." ... or something like that. And the result is chaos for application writers. If the application depends on resources that may have varying requirements (e.g., both legacy and "new" drivers), there's really no good way to document what privileges that application might need to be granted in order to get its job done. I think the best that we can do is document what we 'intend' (if we have any intent at all) for applications to do, and then add an escape clause: "Some legacy or special devices may require additional privileges. Granting the privileges listed here to your application does not guarantee that it will work with all drivers." -- James Carlson, KISS Network <james.d.carlson at sun.com> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
