This is a discussion on Re: New in-kernel privilege API: priv(9) - FreeBSD ; --TmwHKJoIRFM7Mu/A Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Sep 13, 2006 at 09:28:24PM +0100, Robert Watson wrote: > A couple of points: >=20 > First, the system present in Solaris is, in effect, a variant of some dra= ...
Content-Type: text/plain; charset=us-ascii
On Wed, Sep 13, 2006 at 09:28:24PM +0100, Robert Watson wrote:
> A couple of points:
> First, the system present in Solaris is, in effect, a variant of some dra=
> of POSIX.1e (or possibly vice versa), albeit with differently named=20
> constants. All the comments I made regarding POSIX.1e apply to it. =20
> Specifically, the priv(9) kernel API offers much more fine-grained=20
> assignment of rights relating to system administration, etc, correspondin=
> specifically to the set of privileges defined in our kernel.
> Second, privileges(5) describes an alternative privilege model exposed to=
> userspace, whereas the work I've described is an in-kernel API for=20
> privilege checking. It doesn't imply (or, for that matter, implement) a=
> change in the OS privilege model, although clearly it would facilitate=20
> doing that in the future. Since priv(9) is not an application API, it's=
> not clear that application portability is an immediate concern.
That's the difference I was looking for, thanks.
> I think it's useful to compare the Solaris privilege set, and also consid=
> whether in the future we want to adopt a privilege model along similar=20
> lines. However, given that the privilege models across various UNIX and=
> non-UNIX systems are all similar and yet completely different, I'm not su=
> that being similar and yet different from Solaris is particularly a probl=
> -- more, say, than being similar but different from IRIX, Linux, Windows,=
True enough. Thanks.
That must be wonderful! I don't understand it at all.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
-----END PGP SIGNATURE-----