Tim Foster wrote:
> I don't like needing to use 'all' privileges, but they're necessary in
> order to keep /system/volatile as our temporary directory; the
> alternative of using a known-location in /tmp would be worse imho.
Sorry I'm getting to this so late, but couldn't we use mwac to limit reduce
the privileges below "all": "{zone}:/system/volatile/<dir>"? If "<dir>"
isn't a fixed directory, we'd still need some shenanigans to drop privs
from writing /system/volatile, but either way it'd be safer than "all".
Danek
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
