On Thu, 30 Mar 2017, Joshua M. Clulow wrote:
On 30 March 2017 at 14:46, Bob Friesenhahn <bfrie...@simple.dallas.tx.us> wrote:
Something I see is that with normal Solaris zones, one can provide root
access to a relatively untrusted third-party since everything important can
be locked-down. This approach should currently not be used with LX Zones.
Why is that? There shouldn't be any difference between a native zone
and an LX zone with respect to untrusted workloads. The containment
model is the same in both cases.
I made an over-statement. The threat level to the global zone and
network is similar. What is not similar is that well known Linux
system admistration methods may cause the Linux install to stop
working. Merely installing a package which uses network interfaces
might cause harm to the Linux installation.
Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
_______________________________________________
OmniOS-discuss mailing list
OmniOS-discuss@lists.omniti.com
http://lists.omniti.com/mailman/listinfo/omnios-discuss
