Garrett D'Amore wrote: > Darren J Moffat wrote: >> James Carlson wrote: >>> It'd be an interesting idea for testing, but I think it'd actually be >>> counter-productive to do this. The problem is that the actual privilege >>> enforcement (and thus the effects of each privilege bit) are hard-coded >>> into the kernel itself. There's no good way to replicate that logic out >>> into a user-space wrapper so that the code somehow 'knows' whether a >>> given system call should have succeeded give a privilege set. >> >> Also for privilege debugging it shouldn't be necessary. This is what >> the "Privilege Debug Mode" is for see ppriv(1). For the cases where >> that isn't sufficient or accurate then the Sun Blueprint >> "Privilege Debugging in the Solaris 10 Operating System"[1] is useful. >> >> [1] http://www.sun.com/blueprints/0206/819-5507.pdf >> >> Not that I'm biased by being a co-author on the above blueprint, but I >> think that is a better way of dealing with privilege debugging that >> attempting to do a "fakeroot" for privileges which by its very nature >> of being upstream will rot and be wrong. >> >> It will also be even more of an issue if/when FMAC makes its way into >> OpenSolaris distributions. >> >> Having said all that I have no problem with fakeroot being delivered. >> I would have possible issues if I see OpenSolaris originated projects >> wanting to depend on fakeroot. > > Agreed. Do you want to derail the case to generate an opinion to this > effect?
Nope I think this email in the case log is sufficient. -- Darren J Moffat
