[zones-discuss] zone management and security

2006-10-13 Thread Brian Kolaci
IHAC that is looking to split out zone management roles. The zone administrator creates and manages the local zones; however, that person should not be able to see the data in the zone for security purposes. They should only be able to manipulate the resources assigned to the zone, as well as

Re: [zones-discuss] zone management and security

2006-10-13 Thread Brian Kolaci
Jeff Victor wrote: Brian Kolaci wrote: IHAC that is looking to split out zone management roles. The zone administrator creates and manages the local zones; however, that person should not be able to see the data in the zone for security purposes. They should only be able to manipulate the

Re: [zones-discuss] zone management and security

2006-10-13 Thread Jeff Victor
Brian Kolaci wrote: Jeff Victor wrote: Brian Kolaci wrote: IHAC that is looking to split out zone management roles. The zone administrator creates and manages the local zones; however, that person should not be able to see the data in the zone for security purposes. They should only be able

Re: [zones-discuss] zone management and security

2006-10-13 Thread Michael Barto
This is probably sacrilege, but some of these zone security issues might be better served with Secure Solaris, if the security requirements are this extreme (e.g. DOD). Adding complex security always adds complex overhead. On the other hand locking out the global zone to all purposes and

Re: [zones-discuss] zone management and security

2006-10-13 Thread David . Comay
I propose that zlogin be split into two different programs, one for console access and one for running programs and/or shell. A simple way to do this (and would be backward compatible) would be to create a hard link to zlogin, say 'zconsole' that when it is executed the program can test arg0 and

Re: [zones-discuss] zone management and security

2006-10-13 Thread Paul Kraus
On 10/13/06, Michael Barto [EMAIL PROTECTED] wrote: This is probably sacrilege, but some of these zone security issues might be better served with Secure Solaris, if the security requirements are this extreme (e.g. DOD). Adding complex security always adds complex overhead. On the other hand

Re: [zones-discuss] zone management and security

2006-10-13 Thread Brian Kolaci
I think the customer would be very interested in this tool, however one of the gripes is that things of this nature aren't built in and that they have to construct 'add-ons' to build a base SOE system. Glenn Brunette wrote: Brian, It was basically for this reason that I wrote up a small tool