> A restriction on use of dladm from within a non-global zone seems > artificial to me, unless there are technical issues preventing its use > that I don't yet understand. What reason would there be to restrict the > use of dladm within non-global zones? Is it technical? > My understanding is that IPtuns are not directly related to any physical devices, so that they are not as controversial. Once we decide to support all dladm subcommands in an exclusive local zone, we need to answer questions like when the global zone assign a physical link to a local zone, does it grant all administration of this link to the local zone? and questions like how to represent the local-zone links in the global zone.
> Okay. I have no problem with your original proposal of having separate > namespaces for each zone, and not allowing observability of those > namespaces in the global zone. > After reading dme's mail, I think this proposal might be okay for now if we only decide to support "ifconfig ip.tunx plumb" in a local zone, and may be changed if we decide to support all dladm subcommands in local zones. Thanks - Cathy
