Christine, Not every privilege attempt that is asserted by a process is needed for it to operate correctly. It really depends on the process and what it is trying to do. We would need further details about the process and its source code to debug further, but based on my experience this kind of thing does indeed happen.
g Christine Tran wrote: > Hi, > > I'm running privdebug on a process. One of the privileges asserted > was sys_ip_config. Since this is not an exclusive-ip zone, this > privilege is not even in the zone's L set. However, the process runs > fine. What's happening here? This is a labeled zone on TX, if that > information is relevant. > > Maybe I'm not understanding what privdebug is reporting. I use > privdebug to determine what's asserted and add it to the E set, but in > this case, it would be a mistake to add sys_ip_config, but yet, > privdebug reports that it's asserted. > > CT > _______________________________________________ > security-discuss mailing list > security-discuss at opensolaris.org
