Ok, so we have a product which runs a daemon as root, which can communicate over TCP sockets and read / write files. This works fine in Solaris 10, but when we ported it across to Solaris 11, a load of write errors occur.
That is to say, the socket communication is fine (Firewall is disabled), and the product can read all the files we need. I noted that in Solaris 11, the root user is disabled, and instead you have to run as the root "role". I am wondering whether this is what is causing the problem; that instead of using su or sudo to start the daemon, we need to do some other setup beforehand.
Is there anyone with experience in Solaris 11, RBAC, etc who could shed some light on what could be going wrong?
Is the daemon fiddling with privileges? Have you tried to run the daemon with privilege debug enabled? Note that if you remove certain privileges, you need to start with "basic"; over time, the set of basic privileges will grow and current unprivileged operations will start to need a new basic privilege; in Solaris 11 we have added file_write, file_read and net_access as basic privileges. Missing the file_write privilege will cause the symptom you have described.