--TmwHKJoIRFM7Mu/A
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Sep 13, 2006 at 09:28:24PM +0100, Robert Watson wrote:

> A couple of points:
>=20
> First, the system present in Solaris is, in effect, a variant of some dra=

ft=20
> of POSIX.1e (or possibly vice versa), albeit with differently named=20
> constants. All the comments I made regarding POSIX.1e apply to it. =20
> Specifically, the priv(9) kernel API offers much more fine-grained=20
> assignment of rights relating to system administration, etc, correspondin=

g=20
> specifically to the set of privileges defined in our kernel.


Agreed.

> Second, privileges(5) describes an alternative privilege model exposed to=

=20
> userspace, whereas the work I've described is an in-kernel API for=20
> privilege checking. It doesn't imply (or, for that matter, implement) a=

=20
> change in the OS privilege model, although clearly it would facilitate=20
> doing that in the future. Since priv(9) is not an application API, it's=

=20
> not clear that application portability is an immediate concern.


That's the difference I was looking for, thanks.

> I think it's useful to compare the Solaris privilege set, and also consid=

er=20
> whether in the future we want to adopt a privilege model along similar=20
> lines. However, given that the privilege models across various UNIX and=

=20
> non-UNIX systems are all similar and yet completely different, I'm not su=

re=20
> that being similar and yet different from Solaris is particularly a probl=

em=20
> -- more, say, than being similar but different from IRIX, Linux, Windows,=

=20
> etc.


True enough. Thanks.

Ceri
--=20
That must be wonderful! I don't understand it at all.
-- Moliere

--TmwHKJoIRFM7Mu/A
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFFCmVzocfcwTS3JF8RAm2WAJ0VyFfVnLFaUhqJNnAr2A cVYkEiYwCZAZXd
Osof4g2d8KRP9U5HbWH/JSA=
=4dhl
-----END PGP SIGNATURE-----

--TmwHKJoIRFM7Mu/A--