On Thu, 2007-04-12 at 17:26 -0500, Nicolas Williams wrote:
> > (the "system" flags on *BSD are tied to securelevel; the closet solaris
> > equivalent would be to define new "set system flag" and "clear system
> > flag" privileges).
>
> There'd have to be a way to drop these privs from L on all running
> processes, which there is, using ppriv(1). So I can see a service whose
> start method loops over listing all processes (but itself), dropping
> these privs from their L until no procs remain with these privs, then
> exit. Is that what you had in mind?
I think there very well may be a bunch of plausible alternative ways to
exclude 'clear system flag bit' from the L set; designing the full
mechanism is probably best done elsewhere...
- Bill
_______________________________________________
zfs-discuss mailing list
[EMAIL PROTECTED]
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
