illumos gate

NFSv4-style ACLs can be set on device nodes (/devices/*) and can be "remembered" across reboots.
However, these ACLs are "remembered" for particular device node pathnames, and after a reboot some different device can become attached to a name with a particular pathname (i.e. ZVOLs are assigned names in order of access during the current uptime). As a result, users may not have the expected device access after reboot, and other users may gain unexpected access to devices (or ZVOL data) they were not supposed to have. Interestingly, the owner UID:GID values are not "remembered" across boots (at least, not for ZVOLs).
I believe this situation is a possible security risk, and the ability to "remember" ACLs on device nodes should either be fixed somehow (so that the access rights are applied the same way to the same devices across reboots), or (configurably?) disabled until a solution appears.
Detailed discussion link: http://permalink.gmane.org/gmane.os.openindiana.general/10002
Separate RFE to remember device node ownership and ACLs for ZVOLs: https://www.illumos.org/issues/3283