On Fri, Mar 02, 2007 at 10:43:07PM +0800, Cathy Zhou wrote:
> >>I agree. But what kind of operation is seen as a manipulation of the
> >>link?  For example, whether the global zone can create a VLAN or an
> >>aggregation over a physical link after the link is assigned to an
> >>exclusive zone? Whether a global zone can export a VLAN over this
> >>physical link to another zone (which currently is a valid operation)?
> >
> >A zone would not be able to create new links that are derivatives or
> >composites of links that are not part of the zone's "immediate"
> >namespace (where "immediate" means "without the zone name prefix").
> >This restriction would apply to all zones (i.e. including the global
> >zone).
> >
> If I understand correctly, the two examples I gave should not be
> allowed. Is that right?

The first example (global zone creates a VLAN over a physical link
which had been assigned to a non-global zone) would not be allowed.

The second example (global zone creates a VLAN over a physical link
and assigns the VLAN link to a non-global zone) would be allowed.

The first case is the global zone attempting to create a derivative of
a link that is outside its namespace.  The second case is the global
zone creating a derivative of a link that is inside its namespace.
It can then assign the derivative link to another zone (at which point
the derivative link would be removed from the namespace of the global
zone and added to that of the non-global zone).

> >If the split is clear then I don't see why non-global zone created
> >links would not be shown in the global zone (with the non-global zone
> >prefix, obviously).
> >
> Except the dladm show-link operation, in your mind what other
> operation could see local zone links in a global zone?

Most of me wants to say "none".  I didn't look at how zoneadmd and IP
instances interact, but perhaps that code would also need to be able
to manipulate non-global zone links somehow.

Perhaps there are also some observability tools that a global zone
administrator may wish to use without "entering" the non-global zone.

dme.
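
The namespace rule discussed in this message, modelled as an added example that is not part of the original email and is not Solaris or dladm code. The `LinkTable` class, the link and zone names, and the `zone/link` prefix format are assumptions made for illustration.

```python
# Hypothetical model of the proposed rule; all names here are constructed.
GLOBAL = "global"

class LinkNamespaceError(Exception):
    """Raised when a zone touches a link outside its immediate namespace."""

class LinkTable:
    def __init__(self):
        self.owner = {}  # link -> zone whose immediate namespace holds it
        self.lower = {}  # derivative link -> link it was created over

    def _require_immediate(self, zone, link):
        # The rule applies to every zone, the global zone included.
        if self.owner.get(link) != zone:
            raise LinkNamespaceError(f"{link} is not in the namespace of {zone}")

    def add_physical(self, link):
        self.owner[link] = GLOBAL  # assumption: physical links start in the global zone

    def create_vlan(self, zone, lower, vlan):
        self._require_immediate(zone, lower)
        self.owner[vlan], self.lower[vlan] = zone, lower

    def assign(self, link, to_zone):
        # Assumption: assignment is done by the global zone on its own links.
        self._require_immediate(GLOBAL, link)
        self.owner[link] = to_zone  # leaves one namespace, joins the other

    def show_link(self, zone):
        if zone != GLOBAL:
            return sorted(l for l, z in self.owner.items() if z == zone)
        # The global zone sees other zones' links with the zone name prefix.
        return sorted(l if z == GLOBAL else f"{z}/{l}" for l, z in self.owner.items())

def run_examples():
    t = LinkTable()
    t.add_physical("bge0")
    t.add_physical("bge1")
    # First example: VLAN over a physical link already assigned to another zone.
    t.assign("bge0", "zoneA")
    try:
        t.create_vlan(GLOBAL, "bge0", "vlan1")
        first = "allowed"
    except LinkNamespaceError:
        first = "denied"
    # Second example: create the VLAN first, then assign the VLAN link.
    t.create_vlan(GLOBAL, "bge1", "vlan2")
    t.assign("vlan2", "zoneB")
    return first, t.show_link(GLOBAL), t.show_link("zoneB")
```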
