Kyle,
Sorry for the delay. I have been busy with other things
5.2.6.1 Special �aiuser� account
.
.
The script will only have limited �write� access to the system however,
to prevent misuse of the script doing anything other than deriving a
manifest file.
Why care?
If the system at this point is booted over the network (or media for
that matter,) and running from a ramdisk, nothing the script might
change will be permanent, or could affect the system.
Why is this 'Jail' required? let alone desirable?
If someone somewhere comes up with some great new thing that it makes
sens to piggy back on this (related or not) why prevent that? That's not
far fetched - I think JumpStart (but can't name any specific examples)
was used a s building point for a number of other things. What's wrong
with that?
If someone had a need to run an additional module or add-on
software that they've developed, I think it's more appropriate to
build a custom install boot image with the execution phase they
require; an SMF service that runs before the installer's service
would do. It is quite simple to use DC to build such an image.
I can understand wanting to only support a limited usage model, but do
you have to actively put up barriers?
What's the difference between me developing and testing and debugging a
script that breaks because a command is no longer available, and me
developing testing and debugging a script that breaks because the
command I wanted to run is not allowed to be used?
Seems like the same amount of hassle and work to me. I think you'll have
more frustrated users complaining when the commands are there and
available but they aren't allowed to use them, then if they are there
and unsupported, and change in some way some day.
That said, as long as HW details can be determined, Other NFS
directories mounted, and temporary files created, cat'd, grep'd, sed'd,
and awk'd. I can't (off the top of my head) think of any reason why it
would cause any problems for what I want to do.
These are the underlying requirements we intend to fulfill.
This derivation process isn't intended to fulfill a generic 'begin'
phase of execution. The use of the user account is put there
to bound that scope.
-ethan
I'm excited to read further. Thank you!
-Kyle
thanks,
-ethan
_______________________________________________
caiman-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss
_______________________________________________
install-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/install-discuss
