Artem Kachitchkine wrote:
> Darren J Moffat wrote:
>> Why can't this case and the braseo one use the services provided by
>> svc:/network/rpc/smserver? See rpc.smserverd(1M).
>
> Please don't use smserver/libsmedia to gain USCSI privileges.
>
> (Longer answer:
> http://www.mail-archive.com/opensolaris-discuss at opensolaris.org/msg06641.html)
>
> sys_devices is needed to issue raw SCSI ioctls. I'm not sure about
> Linux, perhaps DAC permissions are sufficient there.

Giving out sys_devices isn't, IMO, the correct answer either, particularly given that sys_devices is such a big, powerful privilege. Instead I'd rather see a privilege specifically for these USCSI ioctls.

However, that still leaves the issue of why the DAC permissions aren't enough. Why do we need more protection than that here? Maybe the new uscsi privilege should be in the basic set?

--
Darren J Moffat