Cathy Zhou wrote:

> Today, all network drivers (including physical network device drivers 
> and pseudo drivers like aggr) have the same device policy - 
> net_rawaccess for both read and write. However, Solaris allows the 
> device policy to be changed on a per-driver basis using add_drv(1m).
>
> My question is whether anyone knows of any real case making use 
> of the per-driver device policy for any good effect, and whether we 
> could only apply the default policy, but remove[1] the ability to set 
> per-device policy rules, without hurting anyone.


To reach out into left field...

Consider a case where the base machine is using eri0 for its
primary network interface but it has a card with bge's or bce's
in it.  You want to use zones and with zones you want to use
IP instances with an exclusive stack instance per zone and
those zones get bge/bce devices.

The current flexibility allows you to change the device policy
required for the local zones relative to that of the global zone,
for better or worse.

Or to use another example...

If I'm installing Solaris on laptops for my users to use and in
a situation where they neither have the root password nor root
access, I may want to assign a different policy to the use of
transient network interfaces (wifi, ppp, etc.) to those that are
associated with LAN, etc.

...but I think the group that you should be asking this question
of is the security group (cc'd).

Darren

