Glenn,

> > What kind of debugging options are available to determine what
> > commands may be needed by SMF to start a service? For example,
> > if I want to take away the "Basic Solaris User" rights profile
> > from the default and add only those commands that I need, how
> > can I determine what SMF needs (beyond what the actual service
> > being started needs)? The SMF service log was not really helpful
> > in this case.

I'm not sure what your question is? Are you saying that removing
Basic Solaris User from policy.conf means that some SMF services
have difficulty? Or is there something else here?

Recall that manifests can specify authorizations needed for certain
operations. I believe the default in Basic Solaris User there are a
bunch of authorizations. Perhaps some of them apply to the services,
but none seem to be smf specific.

> > Also, is there a way to set an audit context for a SMF-managed
> > service?

To expand on what Tom said:

We could add audit flags to the method_context. Or some other
property group. I'm not sure that would be of general use.
Services should not generally be audited. Services in general
should audit in the requestor context, if at all.

Today one could configure any audit necessary in the method using
auditconfig -setpmask

Gary..