Darren J Moffat wrote: > Riny Qian wrote: > >>All, >> >>Please take a look at the updated virtual console spec: >> >>http://www.opensolaris.org/os/project/vconsole/vconsole-spec.txt >>http://www.opensolaris.org/os/project/vconsole/vt.7i.txt >> >>Any comments are welcome. > > > DJM-1 2.6 /dev/console & root login > > I'm not sure you can allow root login on /dev/console > and on /dev/vt#. The /etc/default/login variable CONSOLE > only specifies a single device and I'm not sure I'm comfortable > with /dev/console meaning /dev/console and all of /dev/vt. > > However I do see possible value in allowing local root > logins on multiple vts, so I'll need to think more about > this.
Since we trust it on /dev/console, we should trust it on /dev/vt#. Otherwise it would be inconvenient in practice. > > DJM-2 2.7.2 ACLs for usb etc devices > > Are you saying that if user "bob" logins in on vt1 and > user "alice" logins on vt2 then there will be an ACL of > both of them on the audio and usb devices ? Right. Actually at the begining, we wanted to group all these devices (add a console group in the system, and dynamically add/remove the logged in user into the console group upon logging in/out. But ACL seems better than group, so we chose ACL. [it was recommeded by Casper Dik.] > > I don't think this is a good idea. I'm also concerned > about how this interacts with device allocation and > Trusted Extensions. We don't see any impact on the device allocation and Trusted Extensions. > > Please ask the security community to review this whole > proposal for possible interactions with Trusted Extensions. > Right. We talked it with people who're working Trusted Extensions before, and they don't have any issue. But since we changed the spec, we should communicate with them again. > DJM-3 2.8 SMF Service > > As per my previous emails I believe that the /dev/vt# > devices should just be instances of console-login and you > should not need a separate vconsole-login even due to > Zones. If no other impact, we'll change to it. > > DJM-4 2.9 tipline > > How does this interact with consadm(1M) ? I don't see any impact here. > > DJM-5 2.10 kmdb > > I expected that kmdb and panic would not be displayed > on the current vt but only on the console and that you > would still be able to switch to the console to interact > with kmdb. However I think this mode might be acceptable > and even desirable in some cases. We discussed it with kmdb guys before, and they don't want to see kmdb is aware of virtual console and the switch. > > DJM-6 2.12 Xorg > > What about Xsun since that is still used on SPARC. There's no change to Xsun. > > DJM-7 General > > Is the ioctl interface compatible with that on any other > platform or is it unique to OpenSolaris systems ? compatible.