Hi Casper, Well it depends on the restriction. If the restriction would be that the effective set of a calling process has to be a full set then you can't conspire (I mean you don't have to, it's game over already). That would at the same time allow a "root" user to change L set.
When it comes to zones - well, if global zone sys admin wants he can change almost all resources allocated to the zone on the fly anyway. Then once you got a global zone admin rights you can actually change the L set of a process in a zone anyway, it's just that it is not sys admin friendly and one would have to use mdb now. But anyway I don't see a point in protecting from a global sys admin. -- This message posted from opensolaris.org _______________________________________________ opensolaris-code mailing list opensolaris-code@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
