Hi Steffen,

Sorry for the delay in responding but I was on holiday.

Steffen Weiberle wrote:
> Kool. Snooping on loopback works.

Yes. It's kind of neat and eye opening. When I first started looking at this I was amazed at how much stuff was going on that I wasn't aware of.

> "limitpriv: default,net_rawaccess", but could not snoop in the
> non-global zone. Guess that's gotta wait a bit.

Um, I'm fairly sure I've run snoop on the lo0 device in a non-global zone successfully in the past and didn't have to do anything with privileges. What error do you get? The only thing about this at the moment is that in the non-global zone you see all local traffic right now.

> Thought it was in the zones/least privilege part. I'm just curious
> which privileges are already delegatable to a zone.

The only privilege related part that we're doing for this is to introduce a new finer grain privilege that just allows read access. You won't have to grant net_rawaccess and give away much more privilege than is needed.

Thanks for installing these bits.

Phil
