Wyllys Ingersoll writes:
> > i think this would be a good stop-gap measure.  it would simplify the
> > deployment of tss based application in one non-global zone.
> >
> > as an implementation detail, you'll probably want to enhance zoneadm to detect
> > when a zone is booting with a tpm device allocated to it, and have it verify
> > that there are no other booted zones with tpm devices and that the tss daemon
> > is not running in the global zone.  (this keeps things user friendly, and
> > zoneadm already does similar checks to verify that other required smf services
> > are running.)
> >
> > ed
> >
>
> The tpm device itself will not allow multiple readers, so I'm not sure if any
> external tool modification (zoneadm, etc) is even necessary.  The device will
> respond to the first app to open it, no other apps can open the device until
> it gets closed again.

Is opening it and doing nothing an effective DoS?

-- 
James Carlson, Solaris Networking          <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
