On Thu, 3 May 2007, David Bustos wrote: > Quoth David Finberg on Thu, May 03, 2007 at 11:31:28AM -0400: >> As a consumer, what interface am I supposed to use to determine if this >> feature is present on the system, especially from a script? I didn't >> notice an ovbious answer in the document, but I'll admit I've only skimmed >> it so far. > > The project will introduce new options and subcommands to the existing > SMF commands. Attempts to use them on SMF systems preceding the project > will fail.
Right, but will there be an way to determine if the syntax is bad, or the command is failing for another reason? If svccfg audit foo returns 1 when both verify is unsupported and when foo is not the current state, that's hard to tell apart. Consider something like the Solaris Security Toolkit. After Enhanced Profiles, we could just write a new profile, and install it on the system, and audit against it, etc. Before, we have more complicated logic to disable services, check their state, etc. When we are running, it would be nice to be able to tell which logic we should use, rather than trying to hardcode the logic choice to a Solaris release and worry about backporting later. If there is a new command to install profiles, then that would be fine, since I assume it's name would be at least evolving. But if it's all done with new suboptions that's hard to distinguish from a script typically. -- Dave
