Robert Thurlow wrote: > In a related area, and to address an earlier question I raised, I don't > think getting a filesystem via a lofs mount should entitle you to share > it - you should have device access delegated to your zone in order to do > that. Zones folks may disagree.
Rob, In general we recommend not delegating devices into a zone since that opens up various security holes if the zone is compromised. For example, with access to a disk device, it is possible for the zone admin to crash the whole system. We only recommend delegating devices to zones that are trusted and only if it is necessary. However, delegated ZFS datasets don't have this issue. Jerry
