Quoth Riny Qian on Mon, Jun 18, 2007 at 12:41:00PM +0800:
> 1. svc:/system/console-login
>     This SMF service serves for all console logins, including virtual
>     console logins.  The default instance is used for the system
>     console, and other instances (vt2 to vt6) are used for virtual
>     consoles.

If you're going to use "vt", then you should refer to them as virtual
terminals, not virtual consoles.

>     The SMF manifest delivers as:
>         /var/svc/manifest/system/console-login.xml
>     And the method delivers as:
>         /lib/svc/method/console-login
>     To meet the SMF policy, this service is delivered as follows:
>     o The default instance is delivered enabled since it's needed
>       in seed repository. Other instances for virtual consoles are
>       delivered disabled, and are enabled in generic_limited_net.xml
>       profile and generic_open.xml, and are disabled when they're
>       in non-global zones or when the virtual console functionality
>       is not available.

How many instances will you deliver?  How will you disable them in
nonglobal zones?

>     o The service is managed using the action_authorization
>       "solaris.smf.manage.vt" which is included in the Device Security
>       Rights Profile.
>     o The service is local only and has no inbound network ports.
>     o The service properties are managed using the value_authorization
>       "solaris.smf.value.vt".
>     o The service implements ttymon(1M) and login(1), which are
>       in nature requires full privileges, and the following
>       method context is used for this service:
>                 <method_context>
>                         <method_credential user='root' group='root' />
>                 </method_context>
> 2. svc:/system/vtdaemon:default
>     This SMF service serves for secure switch between all virtual
>     consoles including the system console .
>     The SMF manifest delivers as:
>         /var/svc/manifest/system/vtdaemon.xml
>     And the method delivers as:
>         /lib/svc/method/vtdaemon

Is vtdaemon a script?  If not, then you should deliver it elsewhere.


Reply via email to