Garrett D'Amore wrote on Wed Jul 22 2009 08:35:58 GMT-0700 (PDT) : > Darren J Moffat wrote: >> Garrett D'Amore wrote: >>> Darren J Moffat wrote: >>>> James Carlson wrote: >>>>> It'd be an interesting idea for testing, but I think it'd actually be >>>>> counter-productive to do this. The problem is that the actual >>>>> privilege >>>>> enforcement (and thus the effects of each privilege bit) are >>>>> hard-coded >>>>> into the kernel itself. There's no good way to replicate that logic >>>>> out >>>>> into a user-space wrapper so that the code somehow 'knows' whether a >>>>> given system call should have succeeded give a privilege set. >>>> >>>> Also for privilege debugging it shouldn't be necessary. This is what >>>> the "Privilege Debug Mode" is for see ppriv(1). For the cases where >>>> that isn't sufficient or accurate then the Sun Blueprint >>>> "Privilege Debugging in the Solaris 10 Operating System"[1] is useful. >>>> >>>> [1] http://www.sun.com/blueprints/0206/819-5507.pdf >>>> >>>> Not that I'm biased by being a co-author on the above blueprint, but >>>> I think that is a better way of dealing with privilege debugging >>>> that attempting to do a "fakeroot" for privileges which by its very >>>> nature of being upstream will rot and be wrong. >>>> >>>> It will also be even more of an issue if/when FMAC makes its way >>>> into OpenSolaris distributions. >>>> >>>> Having said all that I have no problem with fakeroot being >>>> delivered. I would have possible issues if I see OpenSolaris >>>> originated projects wanting to depend on fakeroot. >>> >>> Agreed. Do you want to derail the case to generate an opinion to this >>> effect? >> >> Nope I think this email in the case log is sufficient. >> > Ok, thanks. I haven't heard the project team agree to the various > changes, specifically that faked should be in /usr/lib, and making sure > that references to TCP are removed from any usage messages. >
Apologies for not being able to respond earlier. The project team agrees with the ARC's recommendation as to the location of faked and the removal of TCP references from the man page and usage. -Ravindra.
