On Mon, 2009-05-11 at 13:20 -0700, Liane Praza wrote:
> Sebastien Roy wrote:
> > Is there a way to start a service method with a different set of
> > privileges depending on whether or not it's being run in the global
> > zone?
>
> Not explicitly as part of SMF.

Okay.

> (I guess I find software which requires a different privilege set inside
> the local zone a bit surprising, especially in the world of configurable
> zone privileges.)

The context is that the DHCP server requires "all" privileges because it calls a plugin API that 3rd parties could use to have the data stored by the server be in an arbitrary data-store. The privilege set required by the plugin callbacks is unknown, and therefore the service runs with all privileges.

The other piece of the puzzle is that the DHCP server doesn't currently run in non-global zones because the service manifest explicitly calls out that "all" privileges are needed by the start method, and non-global zones don't have "all" privileges available.

A possible fix to allow the DHCP server to run in non-global zones would have been to specify only the required set of privileges in the manifest, but that would cause a regression for 3rd parties that may require special privileges to access their data-stores. The idea then came up that perhaps the service could run with all privileges in the global zone (the only possible place where 3rd party data-stores could be in use today), and with only the set of known required privileges in non-global zones.

I think at this point, omitting the privilege tag in the manifest is the only way to get this thing to reliably run in non-global zones while preserving backward compatibility in the global zone. This results in the service running with the maximum set of available privileges, right?

-Seb
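For readers unfamiliar with how the privilege set is expressed in an SMF manifest, the following fragment is an added illustration, not taken from the thread or from the actual DHCP server manifest. It shows the two shapes the message contrasts: a start method that names an explicit privilege set in its `method_credential`, and one that omits the `privileges` attribute and therefore runs with whatever the credential user inherits in that zone. The exec path and the privilege names listed are placeholders chosen for illustration; the real set a service needs has to be established from the service's own behaviour (and, in the case discussed above, from the privileges any third-party plugin requires).

```xml
<!-- Added example, not the project's manifest. Variant 1: explicit least-privilege set.
     The privilege list here is illustrative; determine the real set from the service. -->
<exec_method type='method' name='start'
    exec='/path/to/start-method start'
    timeout_seconds='60'>
  <method_context>
    <method_credential user='root' group='root'
        privileges='basic,net_privaddr,sys_net_config'/>
  </method_context>
</exec_method>

<!-- Variant 2: no privileges attribute. The method inherits the credential user's
     default privilege set, which in a non-global zone is bounded by that zone's
     configured limit set rather than by the global zone's "all". -->
<exec_method type='method' name='start'
    exec='/path/to/start-method start'
    timeout_seconds='60'>
  <method_context>
    <method_credential user='root' group='root'/>
  </method_context>
</exec_method>
```

From a least-privilege standpoint, Variant 2 is a portability workaround rather than a hardening: it lets the same manifest import in both zone types, but the resulting process carries every privilege available to root in that zone. Whichever variant is used, the privileges the running method actually holds can be confirmed after the fact with `ppriv` against the service's process, which is the check worth adding to any review of a manifest change of this kind.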