Mike, Are you sure you have configured the unlabeled zone ? From a dtterm as root @ admin_high try to zlogin to your unlabeled zone and press return. Don't you have some settings to complete ?
The X11 server is running admin_* so you should not have anything to setup in your non global zones. HTH, Bruno. Mike John a écrit : > I have a system which is running TX on S10u6. It has a global zone and > just one labelled zone at the moment. For reasons we shan't go into, > Trusted CDE is the desktop of choice, rather than TJDS. > > I can happily log in as root and open dtterm windows within a CDE session. > > There is another user configured and the clearance and label of that > user matches the label of the labelled zone. I can log in as that user > and get a desktop presented, but if I launch a terminal from the > workspace menu, the first attempt appear to do nothing, and the second > produces a pop-up saying "Action failed. Reconnect to Solaris Zone?" > > Looking at the log file generated by the labelled zone session, it > appears that the DISPLAY variable is being set to the host name > associated with the global zone primary interface, to which the labelled > zone has no routing. > > I have created an all-zones interface, and if I zlogin to the zone and > set DISPLAY to the host name associated with the all-zones interface, > xclock displays correctly. (Setting it to localhost appears to work too > - I notice that the loopback interface is now configured as all-zones too.) > > If I set DISPLAY to the hostname of the global zone primary interface, > xclock fails to connect to the X server. (truss says that connect() on a > PF_INET6 socket fails with EHOSTUNREACH.) > > So it seems to me that I need to arrange for the DISPLAY variable to be > set to either localhost, or my explicitly created all-zones interface, > for CDE logins involving the labelled zone. > > Questions: am I on the right track, and if so how to achieve this? The > TX laptop instructions mentions /usr/dt/config/Xinitrc.tjds for TJDS. Is > there an equivalent for TCDE? > > Thanks > Mike > > > > _______________________________________________ > security-discuss mailing list > security-disc...@opensolaris.org _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
