Riny Qian wrote:
> Darren J Moffat wrote:
>>> So it seems that our ACL proposal for other console devices in
>>> /etc/logindevperm is fine, and it does not introduce any regression.
>> What your proposal does is allow multiple people access
>> to the device at the same time. That isn't possible today.
>> I believe that makes it worse because now you have the
>> potential for them both to be trying to use the device
>> at the same time.
> I think that allocate(1) is mostly used in TX to manage audio like
> devices, where /dev/audio is commented out in /etc/logindevperm. On
> normal systems without TX, allocate(1) is not used, instead,
> logindevperm(4) is used to manage all console devices. So IMO, it seems
> no problem for our proposal, though I agree that makes somewhat worse.
Not at all. allocate(1M) is a standard part of Solaris
and works just fine without TX. It has been in Solaris for
many many releases now.
I really don't believe it is acceptable to make it any
worse than it already is. The current situation is at
a least some what "safe" because even when logindevperm steals
a device from a user it only gives it to one other user.
While there is a risk with this (microphone in particular)
it is less than what your proposal does which is gives
ACLs so that access could be shared.
I believe that when this is ARC reviewed we will end up having
advice in the opinion that another project needs to
be created to clear up this mess - probably in a way
similar to what Casper described in his email.
Darren J Moffat