> After some discussions with Meem over IRC, I've decided to ensure that
> no zone can only ever open or see /dev/ipnet nodes that have equivalent
> IP interfaces in "ifconfig -a". Additionally, if an IP interface is
> removed from a zone (by removing the last IP address from the zone), any
> ipnet_t's with that interface open in that zone will be sent M_HANGUP.
>
> In addition, I had to add the SDEV_NO_NCACHE flag to /dev/ipnet's
> sdev_flags, as there was a drastically negative side-effect of devname's
> negative cache due to this change (and no, a double negative in this
> case isn't a positive). :-) If the system has two interfaces, A and B,
> and only B has addresses in a non-global zone, doing ls /dev/ipnet/A
> from the non-global zone should return ENOENT, and this change indeed
> makes that happen. Unfortunately, the devname negative cache removes A
> from the global devname cache as a result, and A is no longer visible in
> the global zone anymore. Removing the negative caching fixes this
> issue.
>
> http://zhadum.east/ws/seb/seb-ipobs/webrev.zones/
I reviewed this for Seb over IRC. -- meem
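
The A/B scenario from the quoted message, as an added toy model (not part of the thread and not devname or ipnet code). It assumes a negative cache keyed only by node name and shared by all zones; `ipnet_lookup`, `model_reset`, the `use_ncache` switch (standing in for SDEV_NO_NCACHE being set when 0) and the zone numbering are all hypothetical.

```c
#include <errno.h>
#include <string.h>

#define GLOBAL_ZONE 0
#define NNODES 2

struct node {
    const char *name;
    int zone_has_addr[2];   /* [zoneid]: interface has an address there */
    int neg_cached;         /* shared, name-keyed negative-cache entry */
};
static struct node nodes[NNODES];

/* Constructed sample state: A has addresses only in the global zone, B in both. */
void model_reset(void)
{
    nodes[0] = (struct node){ "A", { 1, 0 }, 0 };
    nodes[1] = (struct node){ "B", { 1, 1 }, 0 };
}

/* Zone-filtered lookup; returns 0 if visible, ENOENT otherwise. */
int ipnet_lookup(const char *name, int zoneid, int use_ncache)
{
    for (int i = 0; i < NNODES; i++) {
        struct node *n = &nodes[i];
        if (strcmp(n->name, name) != 0)
            continue;
        if (use_ncache && n->neg_cached)
            return ENOENT;      /* cached miss: caller's zone never consulted */
        if (n->zone_has_addr[zoneid])
            return 0;
        if (use_ncache)
            n->neg_cached = 1;  /* one zone's ENOENT recorded for every zone */
        return ENOENT;
    }
    return ENOENT;
}

/* What the global zone gets for A after zone 1 runs "ls /dev/ipnet/A". */
int global_sees_A_after_zone_miss(int use_ncache)
{
    model_reset();
    (void) ipnet_lookup("A", 1, use_ncache);
    return ipnet_lookup("A", GLOBAL_ZONE, use_ncache);
}

int main(void)
{
    /* Exit 0 when A is hidden with the cache on and visible with it off. */
    return !(global_sees_A_after_zone_miss(1) == ENOENT &&
             global_sees_A_after_zone_miss(0) == 0);
}
```

The general point the model isolates: once a lookup result depends on the caller's zone, any cache in front of it has to be keyed by zone as well or bypassed.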
