U.V. Ravindra wrote:
> Garrett D'Amore wrote on Wed Jul 22 2009 08:35:58 GMT-0700 (PDT) :
>> Darren J Moffat wrote:
>>> Garrett D'Amore wrote:
>>>> Darren J Moffat wrote:
>>>>> James Carlson wrote:
>>>>>> It'd be an interesting idea for testing, but I think it'd
>>>>>> actually be
>>>>>> counter-productive to do this. The problem is that the actual
>>>>>> privilege
>>>>>> enforcement (and thus the effects of each privilege bit) are
>>>>>> hard-coded
>>>>>> into the kernel itself. There's no good way to replicate that logic
>>>>>> out
>>>>>> into a user-space wrapper so that the code somehow 'knows' whether a
>>>>>> given system call should have succeeded give a privilege set.
>>>>>
>>>>> Also for privilege debugging it shouldn't be necessary. This is what
>>>>> the "Privilege Debug Mode" is for see ppriv(1). For the cases where
>>>>> that isn't sufficient or accurate then the Sun Blueprint
>>>>> "Privilege Debugging in the Solaris 10 Operating System"[1] is
>>>>> useful.
>>>>>
>>>>> [1] http://www.sun.com/blueprints/0206/819-5507.pdf
>>>>>
>>>>> Not that I'm biased by being a co-author on the above blueprint, but
>>>>> I think that is a better way of dealing with privilege debugging
>>>>> that attempting to do a "fakeroot" for privileges which by its very
>>>>> nature of being upstream will rot and be wrong.
>>>>>
>>>>> It will also be even more of an issue if/when FMAC makes its way
>>>>> into OpenSolaris distributions.
>>>>>
>>>>> Having said all that I have no problem with fakeroot being
>>>>> delivered. I would have possible issues if I see OpenSolaris
>>>>> originated projects wanting to depend on fakeroot.
>>>>
>>>> Agreed. Do you want to derail the case to generate an opinion to this
>>>> effect?
>>>
>>> Nope I think this email in the case log is sufficient.
>>>
>> Ok, thanks. I haven't heard the project team agree to the various
>> changes, specifically that faked should be in /usr/lib, and making sure
>> that references to TCP are removed from any usage messages.
>>
>
> Apologies for not being able to respond earlier.
>
> The project team agrees with the ARC's recommendation as to the
> location of faked and the removal of TCP references from the man
> page and usage.
This case was approved at PSARC today.
- Garrett
>
>
> -Ravindra.
>
