svcadm(8)을 검색하려면 섹션에서 8 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
update_drv(8)
System Administration Commands update_drv(8)
NAME
update_drv - modify device driver attributes
SYNOPSIS
update_drv [-f | -v] [-n] driver_module
update_drv [-b basedir] [-f | -v] [-n] -a [-m 'permission']
[-i 'identify-name'] [-P 'privilege'] [-p 'policy'] driver_module
update_drv [-b basedir] [-f | -v] [-n] -d [-m 'permission']
[-i 'identify-name'] [-P 'privilege'] [-p 'policy'] driver_module
DESCRIPTION
The update_drv command informs the system about attribute changes to an
installed device driver. It can be used to re-read the driver.conf(5)
file, or to add, modify, or delete a driver's minor node permissions or
aliases.
Without options, update_drv reloads the driver.conf file.
Upon successfully updating the aliases, the driver binding takes effect
upon reconfig boot or hotplug of the device.
Upon successfully updating the permissions, only the new driver minor
nodes get created with the modified set of file permissions. Existing
driver minor nodes do not get modified.
OPTIONS
The following options are supported:
-a
Add a permission, aliases, privilege or policy entry.
With the -a option specified, a permission entry (using the -m
option), or a driver's aliases entry (using the -i option), a
device privilege (using the -P option) or a a device policy (using
the -p option), can be added or updated. If a matching minor node
permissions entry is encountered (having the same driver name and
the minor node), it is replaced. If a matching aliases entry is
encountered (having a different driver name and the same alias), an
error is reported.
The -a and -d options are mutually exclusive.
-b basedir
Installs or modifies the driver on the system with a root directory
of basedir rather than installing on the system executing
update_drv.
Note -
The root file system of any non-global zones must not be refer‐
enced with the -b option. Doing so might damage the global zone's
file system, might compromise the security of the global zone,
and might damage the non-global zone's file system. See zones(7).
-d
Delete a permission, aliases, privilege or policy entry.
The -m permission, -i identify-name, -P privilege or the -p
policy option needs to be specified with the -d option.
The -d and -a options are mutually exclusive.
If the entry doesn't exist update_drv returns an error.
-f
Force the system to reread the driver.conf file even if the driver
module cannot be unloaded. See NOTES section for details.
Without this option, when removing an alias for a driver,
update_drv updates the binding files for the next boot, but returns
an error if one or more devices that reference the driver-alias
binding remains. With the -f option, update_drv does not return an
error if such devices remain.
-i 'identify-name'
A white-space separated list of aliases for the driver. If -a or -d
option is not specified then this option is ignored. The identify-
name string is mandatory. If all aliases need to be removed,
rem_drv(8) is recommended.
-m 'permission'
Specify a white-space separated list of file system permissions for
the device node of the device driver. If -a or -d option is not
specified then, this option is ignored. The permission string is
mandatory.
-n
Do not try to load and attach device_driver, just modify the system
configuration files for that driver.
-p 'policy'
With the -a option, policy is a white-space separated list of com‐
plete device policies. For the -d option, policy is a white space
separated list of minor device specifications. The minor device
specifications are matched exactly against the entries in
/etc/security/device_policy, that is., no wildcard matching is per‐
formed.
-P 'privilege'
With the -a option, privilege is a comma separated list of addi‐
tional driver privileges. For the -d option, privilege is a single
privilege. The privileges are added to or removed from the
/etc/security/extra_privs file.
-v
Verbose.
EXAMPLES
Example 1 Adding or Modifying an Existing Minor Permissions Entry
The following command adds or modifies the existing minor permissions
entry of the clone driver:
example# update_drv -a -m 'llc1 777 joe staff' clone
Example 2 Removing All Minor Permissions Entries
The following command removes all minor permission entries of the
usbprn driver, the USB printer driver:
example# update_drv -d -m '* 0666 root sys' usbprn
Example 3 Adding a Driver Aliases Entry
The following command adds a driver aliases entry of the ugen driver
with the identity string of usb459,20:
example# update_drv -a -i '"usb459,20"' ugen
Example 4 Re-reading the driver.conf File For the ohci Driver
The following command re-reads the driver.conf(5) file.
example# update_drv ohci
Example 5 Requiring a Self-defined Privilege to Open a tcp Socket
The following command requires a self-defined privilege to open a tcp
socket:
example# update_drv -a -P net_tcp -p \
'write_priv_set=net_tcp read_priv_set=net_tcp' tcp
Example 6 Establishing a Path-oriented Alias
The following command establishes a path-oriented alias to force a spe‐
cific driver, qlt, to be used for a particular device path:
example# update_drv -a -i '"/pci@8,600000/SUNW,qlc@4"' qlt
Example 7 Restricting Access to Kernel Memory
The following command sets the access policy for /dev/kmem so that a
process must have a clearance of ADMIN_HIGH to read kernel memory, and
both ADMIN_HIGH and all privileges to get write access. In addition if
the zone is immutable then the process or its ancestor must have been
started from the Trusted Path (with PRIV_PROC_TPD) to get write access.
example# update_drv -a -p 'kmem read_priv_set=none \
write_priv_set=all admin_high=true tpd_member=true' mm
EXIT STATUS
The following exit values are returned:
0
Successful completion.
>0
An error occurred.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitysystem/device-administration
SEE ALSO
driver.conf(5), attributes(7), privileges(7), add_drv(8), modunload(8),
rem_drv(8)
NOTES
If -a or -d options are specified, update_drv does not reread the
driver.conf file.
A forced update of the driver.conf file reloads the driver.conf file
without reloading the driver binary module. In this case, devices which
cannot be detached reference driver global properties from the old
driver.conf file, while the remaining driver instances reference global
properties in the new driver.conf file.
It is possible to add an alias which changes the driver binding of a
device already being managed by a different driver. A force update with
the -a option tries to bind to the new driver and report error if it
cannot. If you specify more than one of the -m, -i, -P or -p options, a
force flag tries to modify aliases or permissions. This is done even if
the other operation fails and vice-versa.
Oracle Solaris 11.4 27 Nov 2017 update_drv(8)