James Carlson wrote:
> I think the question was whether "fakeroot" could provide the
> application with an environment in which the application 'thought' that
> it had some set of privileges, even though it didn't.
>
> It's a logical extension of "fakeroot" into the Solaris architecture.
> Because of Least Privilege, there's not really the "all powerful root"
> on Solaris as there is on other platforms. The current "fakeroot"
> emulates that old-school all-powerful root by creating an environment
> for the application where it appears as though all privileges were granted.
Actually, if I understood the man page correctly, it sounds like
fakeroot today emulates a subset of the traditional root powers. It's
approximately equivalent to a process with various file_* privileges.
Something like "fakefileprivs" might be a more accurate name, but it's
too cumbersome. :-)
Of course, the set of privileges it emulates is fixed. Danek was asking
whether it could/should be extended to allow the set to be specified.
Scott
--
Scott Rotondo
Principal Engineer, Solaris Security Technologies
President, Trusted Computing Group
Phone/FAX: +1 408 850 3655 (Internal x68278)
