> Then you need two different sets of policy files and to have your > initialisation bind the right ones into place. I'm doing this now for > a set of diverse machines with different keys, policies, etc. all > sharing a single file server.
That does not contradict my statement that it does not scale. Much as I appreciate the philosophical value of bind/mount, a trillion instances of a configuration file are going to be unmanageable. Ron is right that there is no slick solution, but it's worth knowing that the current approach deserves exploring further. ++L
