Menno Lageman wrote: > Robert Gordon wrote: >> >> So could we all agree that: >> >> An NFS Server in a zone means that the namespace it exports is >> restricted >> to that zone only. By that i mean no global zone access to that >> namespace, >> nor would that namespace be re-exported within another NFS Server zone >> instance ? > > I have some trouble parsing that, but my perception of the desired > behaviour is: > - a zone can only export resources that are within that zone (i.e. > everything below it's zonepath), > - a resource exported from a zone, may not at the same time be exported > from the global zone; i.e. if zone a exports /export/foo then > /zones/a/root/export/foo may not be exported by the global zone) > - zone A and zone B may both export their own /export/foo since those > are two distinct resources.
and also that the NFSMAPID_DOMAIN may be different for each zone. and all security modes are available to all zones, in particular each zone that is an NFS server maybe in a different Kerberos REALM. -- Darren J Moffat
