James C. McPherson wrote:
> On Tue, 21 Jul 2009 19:12:30 -0500
> Nicolas Williams <Nicolas.Williams at Sun.COM> wrote:
>
>   
>> On Tue, Jul 21, 2009 at 04:53:48PM -0700, Garrett D'Amore wrote:
>>     
>>> I don't understand the point of this.  Why is this kind of emulation 
>>> helpful?  Is this just to create a honeypot?  Or am I missing something?
>>>       
>> No.  Remember when ON had to be built as UID 0?  It's for that sort of
>> purpose.
>>     
>
> ... something that I'm working hard to fully remove. Requiring a
> build as uid 0 has long since passed its use-by date.
>   

With smarter archiving tools, we wouldn't need it.  (Actually, I 
regularly build as not-root, but there are some checks that are not 
performed as a result -- namely matching the proto and packaging 
ownerships.  But of course, if you don't need root, then you don't need 
those checks either! :-)

The other thing is that one could imagine giving folks their own zones 
(sparse root probably!) to do this, which would allow root to be used 
"safely".

    - Garrett
>
> James C. McPherson
> --
> Senior Kernel Software Engineer, Solaris
> Sun Microsystems
> http://blogs.sun.com/jmcp     http://www.jmcp.homeunix.com/blog
> Kernel Conference Australia - http://au.sun.com/sunnews/events/2009/kernel
>   

