[illumos-Developer] Integrating identd
Andrew Gabriel
illumos at cucumber.demon.co.uk
Mon Apr 4 04:22:07 PDT 2011
River Tarnell wrote:
> I don't have a strong opinion on how the security of this syscall should
> work; perhaps it could be tied to net_observability (which allows
> sniffing network traffic) or sys_ip_config.
>
> For zones, I think when running in a local zone it should only return
> connections associated with that zone (and return ESRCH for other
> connections). In the global zone, perhaps a flag could be used to
> select whether to return only connections from the global zone (which
> identd would use), or connections from any zone (which might be useful
> for other processes).
The protocol does not include any provision for asking about other IP
addresses AFAICS, so I can't see any way in which it could ask about
connections in another zone (global, or non-global).

Your proposed syscall is not so constrained though, and you are maybe
worrying about limiting access to a feature you didn't need to add in
the first place?
--
Andrew