Darren J Moffat wrote:
On 27/07/2010 17:47, Steve Lawrence wrote:
It runs as uid/gid 0. I'll work out which privileges are needed so I can
drop the rest.

daemon/daemon with privileges would be better. If zonestatd is the
method started by SMF you may also be able to remove the basic
proc_exec privilege if zonestatd as well.

I just reviewed the privileges. zonestatd does a zone_enter() to fetch
resource control info, which requires all privileges. I would need to
implement a getrctl_byid(2) system call to avoid this. The current
getrctl(2) system call uses the context of the caller.

Okay, if this was a full case I would be suggesting TCA maybe TCR to implement getrctl_byid(2) so that zonestatd didn't have to zone_enter() and thus need all privilege.

As this is a fast-track I'll suggest the project team log a CR for getrctl_byid(2) if it doesn't already exist, and log a bug for zonestatd to switch to using that and then no longer run with all privilege (basically the equivalent of a TCA without an ARC opinion document).

Ok. I've filed both CRs. I've been wanting to implement getrctl_byid() anyway. It would greatly simplify a few commands which currently use a /proc agent thread.
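To make the privilege suggestion above concrete, here is an added SMF manifest fragment (not the zonestatd project's own manifest; the service name and executable path are placeholders) showing the root/all-privilege configuration next to the daemon/daemon, basic-minus-proc_exec one Darren suggests. As the thread notes, the reduced set is only usable once zonestatd no longer needs zone_enter(), i.e. after getrctl_byid(2) exists and zonestatd is switched to it.

```xml
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<!-- Hypothetical manifest for illustration only. The FMRI
     'example/zonestatd' and the exec path are placeholders. -->
<service_bundle type='manifest' name='example:zonestatd'>
  <service name='example/zonestatd' type='service' version='1'>

    <create_default_instance enabled='false' />
    <single_instance />

    <!-- WEAK (current state described in the thread): the start method
         runs as uid/gid 0 with every privilege, because zone_enter()
         requires all privileges.

      <exec_method type='method' name='start'
                   exec='/usr/lib/zones/zonestatd'
                   timeout_seconds='60'>
        <method_context>
          <method_credential user='root' group='root'
                             privileges='all' />
        </method_context>
      </exec_method>
    -->

    <!-- LEAST PRIVILEGE (what the thread recommends once getrctl_byid(2)
         removes the need for zone_enter()): run as daemon/daemon with the
         basic set, and drop proc_exec since SMF already started the
         process and it never needs to exec anything else. -->
    <exec_method type='method' name='start'
                 exec='/usr/lib/zones/zonestatd'
                 timeout_seconds='60'>
      <method_context>
        <method_credential user='daemon' group='daemon'
                           privileges='basic,!proc_exec' />
      </method_context>
    </exec_method>

    <exec_method type='method' name='stop'
                 exec=':kill' timeout_seconds='60' />

    <stability value='Unstable' />
  </service>
</service_bundle>
```

After importing, `ppriv $(pgrep zonestatd)` shows the effective set and is the quickest check that the credential actually took effect.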

_______________________________________________
opensolaris-arc mailing list
opensolaris-arc@opensolaris.org