>> online Oct_17 svc:/application/opengl/ogl-select:default
>> . . .
>
> The ogl-select service sets up dirs/symlinks in /var/run/opengl/ to make
> things in /usr/include/ work for any compilation of OpenGL C/C++ code.
> If your users ever compile anything like that, you'll want to leave this
> enabled. Note that it's not a "real" service, nothing runs or listens to
> network traffic, so I can't see how turning it off will make things
> more secure.

Herein lies the problem with securing a box from a service POV. There are transient services (two types, in fact: those that toggle and those that run only once) and non-transient services. For transient services that run only once and effectively have no stop method, what does it mean to the system to disable them?

Take, for example, filesystem/root: the stop method does nothing. Looking at its dependents, there's boot-archive, but that dependency is restart_on none. Logically I should be able to disable filesystem:root; I don't believe svcadm disable filesystem/root would do anything. However, there is something wacky about looking at a system and seeing filesystem/root disabled. Though, from a security perspective, the box "looks" better when the number of online services is low.

CT
_______________________________________________
sysadmin-discuss mailing list
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
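
One way to make the transient versus non-transient distinction above concrete, as an added example that is not part of the original post: split the online services by their `startd/duration` property, so that run-once services such as filesystem/root are counted separately from the ones that keep a process running. The sample inventory and its durations are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Splits online SMF services into transient ones (start method
# runs once, nothing is left running) and long-running ones (contract/child).

# Print the startd/duration of an FMRI; svc.startd defaults to "contract".
duration_of() {
    d=$(svcprop -p startd/duration "$1" 2>/dev/null) || d=""
    echo "${d:-contract}"
}

# Emit "FMRI DURATION" for every online instance (Solaris/illumos hosts only).
live_inventory() {
    svcs -H -o state,fmri | awk '$1 == "online" { print $2 }' |
    while read -r fmri; do
        echo "$fmri $(duration_of "$fmri")"
    done
}

# Constructed sample in the same "FMRI DURATION" shape, for hosts without SMF.
# The durations listed here are assumptions for illustration.
sample_inventory() {
    cat <<'EOF'
svc:/application/opengl/ogl-select:default transient
svc:/system/filesystem/root:default transient
svc:/network/ssh:default contract
EOF
}

# Read "FMRI DURATION" lines; print only services that keep a process running.
long_running() {
    awk '$2 != "transient" { print $1 }'
}

# Read "FMRI DURATION" lines; print how many are transient.
transient_count() {
    awk '$2 == "transient" { n++ } END { print n + 0 }'
}

if command -v svcs >/dev/null 2>&1; then
    inventory=$(live_inventory)
else
    inventory=$(sample_inventory)
fi
echo "transient (run once): $(echo "$inventory" | transient_count)"
echo "long-running:"
echo "$inventory" | long_running | sed 's/^/  /'
```

The long-running list is the one to review for processes and listeners; the transient count only says how many start methods ran at boot.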
