Darren J Moffat wrote:
> Riny Qian wrote:
>>Please take a look at the updated virtual console spec:
>>Any comments are welcome.
> DJM-1 2.6 /dev/console & root login
> I'm not sure you can allow root login on /dev/console
> and on /dev/vt#.  The /etc/default/login variable CONSOLE
> only specifies a single device and I'm not sure I'm comfortable
> with /dev/console meaning /dev/console and all of /dev/vt.
> However I do see possible value in allowing local root
> logins on multiple vts, so I'll need to think more about
> this.

Since we trust it on /dev/console, we should trust it on /dev/vt#.
Otherwise it would be inconvenient in practice.

> DJM-2 2.7.2 ACLs for usb etc devices
> Are you saying that if user "bob" logins in on vt1 and
> user "alice" logins on vt2 then there will be an ACL of
> both of them on the audio and usb devices ?

Right. Actually at the begining, we wanted to group
all these devices (add a console group in the system,
and dynamically add/remove the logged in user into
the console group upon logging in/out. But ACL seems
better than group, so we chose ACL. [it was recommeded
by Casper Dik.]

> I don't think this is a good idea.  I'm also concerned
> about how this interacts with device allocation and
> Trusted Extensions.

We don't see any impact on the device allocation
and Trusted Extensions.

> Please ask the security community to review this whole
> proposal for possible interactions with Trusted Extensions.

Right. We talked it with people who're working Trusted Extensions
before, and they don't have any issue. But since we changed
the spec, we should communicate with them again.

> DJM-3 2.8 SMF Service
> As per my previous emails I believe that the /dev/vt#
> devices should just be instances of console-login and you
> should not need a separate vconsole-login even due to
> Zones.

If no other impact, we'll change to it.

> DJM-4 2.9 tipline
> How does this interact with consadm(1M) ?

I don't see any impact here.

> DJM-5 2.10 kmdb
> I expected that kmdb and panic would not be displayed
> on the current vt but only on the console and that you
> would still be able to switch to the console to interact
> with kmdb.   However I think this mode might be acceptable
> and even desirable in some cases.

We discussed it with kmdb guys before, and they don't want
to see kmdb is aware of virtual console and the switch.

> DJM-6 2.12 Xorg
> What about Xsun since that is still used on SPARC.

There's no change to Xsun.

> DJM-7 General
> Is the ioctl interface compatible with that on any other
> platform or is it unique to OpenSolaris systems ?


Reply via email to