(I'm re-sending this, as my previous mail bounced back to me. Apologies for any dups and the out-of-order response.)
Peter Schow writes: > Hi Liane, > > On Thu, Feb 08, 2007 at 05:14:49PM -0800, Liane Praza wrote: > > - This policy applies to you if you create, modify or use > > + This policy applies to you if you create or modify SMF > > + services (for any restarter, including svc.startd and inetd). > > How does this affect the existing 26 or so inetd SMF manifests which could > be taken out of compliance by this clarification, mainly around the area > of specifiying authorizations? As the policy was not completed before ARC review of services began, there are many services which do not comply with the policy. (For all restarters. The clarification does not introduce new requirements, only clarified a confusion some, but not all, saw when reading the policy.) > This may be a good opportunity for a consistent RBAC review across these > services. I believe a set of bugs/rfes would be the appropriate way to handle this. We couldn't, and still can't make the policy retroactive from an ARC point of view. :) Services which re-visit ARC will have the policy enforced at that time, so there is also incremental improvement. But, again, I agree that we should file bugs/rfes around Solaris services not in compliance today. liane -- Liane Praza, Solaris Kernel Development liane.praza at sun.com - http://blogs.sun.com/lianep
