Darren J Moffat wrote: > Riny Qian wrote: >> All, >> >> Please take a look at the updated virtual console spec: >> >> http://www.opensolaris.org/os/project/vconsole/vconsole-spec.txt >> http://www.opensolaris.org/os/project/vconsole/vt.7i.txt >> >> Any comments are welcome. > > DJM-1 2.6 /dev/console & root login > > I'm not sure you can allow root login on /dev/console > and on /dev/vt#. The /etc/default/login variable CONSOLE > only specifies a single device and I'm not sure I'm comfortable > with /dev/console meaning /dev/console and all of /dev/vt. > > However I do see possible value in allowing local root > logins on multiple vts, so I'll need to think more about > this. > > DJM-2 2.7.2 ACLs for usb etc devices > > Are you saying that if user "bob" logins in on vt1 and > user "alice" logins on vt2 then there will be an ACL of > both of them on the audio and usb devices ? > > I don't think this is a good idea. I'm also concerned > about how this interacts with device allocation and > Trusted Extensions. > > Please ask the security community to review this whole > proposal for possible interactions with Trusted Extensions. >
As we discussed with Trusted Extensions group before, they said there is no user login on console in a full configured Trusted Extensions system, including root who will work like a role. So the change for /etc/logindevperm will not affect their system. Anyway, we will send them the latest spec for review. > DJM-3 2.8 SMF Service > > As per my previous emails I believe that the /dev/vt# > devices should just be instances of console-login and you > should not need a separate vconsole-login even due to > Zones. > > DJM-4 2.9 tipline > > How does this interact with consadm(1M) ? > > DJM-5 2.10 kmdb > > I expected that kmdb and panic would not be displayed > on the current vt but only on the console and that you > would still be able to switch to the console to interact > with kmdb. However I think this mode might be acceptable > and even desirable in some cases. > > DJM-6 2.12 Xorg > > What about Xsun since that is still used on SPARC. > > DJM-7 General > > Is the ioctl interface compatible with that on any other > platform or is it unique to OpenSolaris systems ? > > >
