OpenSolaris

Bug ID 6787916
Synopsis add_drv(1M) checks privileges against running system even when -b is used
State 10-Fix Delivered (Fix available in build)
Category:Subcategory kernel:module_load
Keywords
Responsible Engineer Jerry Gilliam
Reported Against snv_103
Duplicate Of
Introduced In solaris_10
Commit to Fix snv_107
Fixed In snv_107
Release Fixed solaris_nevada(snv_107)
Related Bugs 4742912, 6794625
Submit Date 21-December-2008
Last Update Date 28-January-2009
Description
It appears that add_drv(1M) ends up verifying whether a privilege is valid or not by calling priv_str_to_set() in parse_plcy_token().  It does that even if -b is supplied to provide an alternate root.  The problem is the running system may not know about a new privilege - for example, in snv_103 the net_observability privilege was introduced and an attempt to call add_drv on earlier systems results in the error:

        Error in privilege set specification: [HERE->]net_observability

This issue is serious for OpenSolaris (Indiana) as IPS uses add_drv to implement its driver action and typically one will be calling that with an alternate root on an earlier version of the system.
Work Around
N/A
Comments
Strictly speaking the check should probably be run against the privilege
configuration in the altroot. However checking against the currently running
bits is certainly wrong, so this could be broken up into a bug and a (less high
priority) RFE if it's not trivial to do the check on the non-live configuration.