On 12/06/2012 4:24 AM, Sebastien Roy wrote:
> On 6/11/12 2:15 PM, Jim Klimov wrote:
>> SEB> It's not possible today, as there is quite a bit of code
>> > in the kernel that assumes and enforces the assumptions that
>> > the global zone stack is the stack that is shared by shared-IP
>> > zones, and that only global zone processes have the ability to
>> > manipulate configuration for that stack.
>>
>> Is it very difficult to find to rewrite that code to use and
>> reference the ip_stack[0] instead? ;)
>>
>> But, anyway, thanks to both of you for the discussion.
>> Everyone is still welcome to chime in ;)
>
> It may not be "difficult", but it may be a voluminous amount of code to have
> to modify and test.

There should be a particular amount of emphasis on the word "test" there as the shared stack provides a very specific security model for networking.

To throw out some architectural questions...

Does the existence of a shared networking stack require the existence of a zone configured with an exclusive networking instance or should networking instances be managed independently of zones?

How does the system behave when you shut down the zone which owns the networking instance that is being shared (assuming that was the model used)? Do all of the zones sharing it also need to be shut down? What about if you then want to destroy the zone that "owns" the networking instance?

... there are probably more questions along this train of thought that need to be answered before starting to look at code.

Darren
