Kais writes:
> Given the non obviousness of the choices made here, and the thought
> process that went in converging to the changes added to the
> case, this case is derailed.
>
> Mark accepted to prepare the draft opinion to be submitted for vote.

Presumably the draft opinion will answer the set of questions the project team has not yet answered: Such as why is sys_devices required to run the view commands? Why are the modes restricted? What is the policy? Why is the policy appropriate? What, if any, Rights Profiles are appropriate? Since the claim is required privileges, what about limitprivs? Perhaps after understanding the why of the device policy, the view routines may not need any special rights at all.

OR

Jim writes:
> That's basically what /opt/sfw (Companion CD) used to be. Just
> compile, toss it in, and hope it sticks. It wasn't exactly a popular
> solution -- in part because we're not known for being particularly
> spry in fetching new sources and recompiling, even the process barrier
> is reduced effectively to zero.
>
> We've had our run of experiments with software ghettos, and it doesn't
> seem to end well, so I'd suggest not going there again. We know how
> the story ends.

Do we resurrect the software ghetto as some way of saying stuff isn't really integrated into Solaris, but just there as a download convenience?

> Since you seem to be leaning on the Linux side of things, I think the
> best answer might be the earlier suggestion I made (and seconded by
> Garrett, Casper, and Darren, though we haven't heard from Gary) to
> avoid an RBAC profile entirely and let the user play "invent an
> architecture" with it. Document what privileges are needed, and wish
> them luck.

I'm not sure this isn't back to the logical equivalent of the companion CD, or how I use versiontracker.com. The OpenSolaris Cabinet seems to be throwing around the concepts of various classes of repositories ranging from it compiles therefore it must be perfect - figure out how to use and use at your own risk - to business critical and fully integrated with Solaris Policies and Practices. What seems to be missing from the review process is the vocabulary / winnowing fork for such a review. Do we expect the draft opinion to provide that?

Since I was asked directly about this case: if it falls in the "it compiles therefore it must be perfect - figure out how to use and ...." bucket, I'm happy with the suggestion summarized in Jim's mail. If, however, it falls East of there, there is insufficient information in the case without answers to the set of questions posed above for me to understand how integrated sg3 "should be."

Gary..