On Tue, 2009-05-12 at 22:16 -0500, Nicolas Williams wrote: > On Tue, May 12, 2009 at 03:22:33PM -0400, Sebastien Roy wrote: > > On Mon, 2009-05-11 at 13:20 -0700, Liane Praza wrote: > > > (I guess I find software which requires a different privilege set inside > > > the local zone a bit surprising, especially in the world of configurable > > > zone privileges.) > > > > The context is that the DHCP server requires "all" privileges because it > > ... > > > The other piece of the puzzle is that the DHCP server doesn't currently > > run in non-global zones because the service manifest explicitly calls > > out that "all" privileges are needed by the start method, and non-global > > zones don't have "all" privileges available. > > Use "zone" to mean "all privs in this zone".
Right; isn't that equivalent to not having a privilege tag in the manifest at all? -Seb
