On 27/07/2010 17:47, Steve Lawrence wrote:

It runs as uid/gid 0. I'll work out which privileges are needed so I can
drop the rest.

daemon/daemon with privileges would be better. If zonestatd is the
method started by SMF you may also be able to remove the basic
proc_exec privilege from zonestatd as well.

I just reviewed the privileges. zonestatd does a zone_enter() to fetch
resource control info, which requires all privileges. I would need to
implement a getrctl_byid(2) system call to avoid this. The current
getrctl(2) system call uses the context of the caller.

Okay, if this was a full case I would be suggesting TCA, maybe TCR, to
implement getrctl_byid(2) so that zonestatd didn't have to zone_enter()
and thus need all privilege.

As this is a fast-track I'll suggest the project team log a CR for
getrctl_byid(2) if it doesn't already exist, and log a bug for zonestatd
to switch to using that and then no longer run with all privilege
(basically the equivalent of a TCA without an ARC opinion document).
--
Darren J Moffat
_______________________________________________
opensolaris-arc mailing list
opensolaris-arc@opensolaris.org
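The thread above contrasts the current state (zonestatd started as uid/gid 0 with every privilege, because zone_enter() demands the full set) with the suggested end state (daemon/daemon under SMF, with the basic set minus proc_exec). The SMF manifest fragments below are an added illustration of that contrast; they are not from the thread or from the zonestat project. The service name, method path and daemon path are hypothetical placeholders, and the reduced credential only works once zonestatd has switched to a getrctl_byid(2)-style interface and no longer calls zone_enter(), as the thread says.

```xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- Hypothetical manifest; service and binary names are placeholders,
     not the real zonestat FMRI or install path. -->
<service_bundle type='manifest' name='example-zonestatd'>

  <!-- Weak setting: no method_context at all. svc.startd then runs the
       method as root with the full privilege set. This is what the thread
       describes as the current state, and it is only required because
       zone_enter() needs all privileges. -->
  <service name='site/example/zonestatd-allpriv' type='service' version='1'>
    <exec_method type='method' name='start'
                 exec='/lib/svc/method/example-zonestatd start'
                 timeout_seconds='60' />
    <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60' />
  </service>

  <!-- Corrected setting (assumes zonestatd no longer needs zone_enter()):
       run as daemon/daemon with the basic set, minus privileges the
       daemon does not need. The method exec is the daemon binary itself,
       not a wrapper script, so proc_exec can go as the thread suggests:
       SMF applies the privileges through the inheritable set, so they
       take effect when the daemon is exec'd and it then cannot exec
       anything else. -->
  <service name='site/example/zonestatd-reduced' type='service' version='1'>
    <exec_method type='method' name='start'
                 exec='/usr/lib/example/zonestatd'
                 timeout_seconds='60'>
      <method_context>
        <!-- privileges: what the daemon may use.
             limit_privileges: an upper bound it can never regain.
             Privilege names other than proc_exec are illustrative. -->
        <method_credential user='daemon' group='daemon'
            privileges='basic,!proc_exec,!proc_info,!proc_session,!file_link_any'
            limit_privileges='basic,!proc_exec' />
      </method_context>
    </exec_method>
    <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60' />
  </service>

</service_bundle>
```

On a running system the effect of the second fragment is checked with `ppriv -S <pid>` against the daemon's process: its permitted and inheritable sets should show the reduced basic set and the limit set should not include proc_exec. If the daemon still calls zone_enter() this manifest makes it fail, which is exactly the signal that the getrctl_byid(2) work is a prerequisite.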