Quoth Christine Tran on Mon, Oct 23, 2006 at 03:13:15PM -0400:
> David Bustos wrote:
> >Can you explain what "audit work and ro filesystems" means? Does the
> >user want to carry out some operations before the system has fully come
> >up?
>
> I think the customer intends for the system to come up with some
> filesystems mounted read-only, with only some auditing tools available,
> minimal network services. Some service would only run in this
> milestone, and perhaps he doesn't want the system to come up fully
> because parts of it may have been trojaned. If there is a way to
> achieve this state using profile then I think he would be happy.
Can he boot into single-user mode and then enable any services he needs?
> >> Incidentally, if I were to
> >>make my own dummy foo-milestone manifest and just drop it in
> >>/var/svc/manifest/milestone, and modify some dependencies to make
> >>multi-user-server its parent, would that do anything? I could try it,
> >>but perhaps someone can save me 30 minutes?
> >
> >What do you mean by 'do anything'?
>
> What would happen if I drop in a fake milestone.xml? Would I have
> created a new milestone or would the system complain, or silently ignore
> the new manifest?
The milestones which svcadm milestone accepts are hard-coded into
svcadm & svc.startd. Other services which happen to have 'milestone' in
their name are treated like every other service.
> >>If my modification involves the
> >>exact thing that the new manifest wants to change, what happens? For
> >>example, I used svccfg to change some property from X to Y. A patch
> >>wants to change X to Z. Does this override my customization?
> >
> >Not if Y != X. On each import, svccfg stashes a pristine copy of the
> >properties in the last-import snapshot, and on upgrade it uses it to
> >determine whether you've customized any properties. For properties that
> >you customized, it will refuse to change them. However, this means that
> >there's no way to say "I want to customize this property to the same
> >values," since svccfg will interpret that as uncustomized.
>
> Wouldn't this constrained property changes, sometimes in a bad way? The
> original property is X. Sun really wants it to be Z because very bad
> things could happen if the property is anything other than Z. But Sun
> will be unable to change this, because I've already changed X to Y.
Yes. Solutions include:
- Make it easy for the developer to handle this case during upgrade.
- Advise developers to fail on invalid configuration instead of doing
very bad things. (And make it easy for the software to communicate
the error to the user.)
- Advise developers to change the name of a property when its
semantics change.
David
