Stupid question here, but cannot the same effect be achieved by simply removing the noaccess user ?
Regards Gael On 4/3/07, Jeff Victor <[EMAIL PROTECTED]> wrote:
Here's YACUZ (Yet Another Creative Use of Zones): Doug Scott documented a method of building a zone which will never be patched from the global zone. In other words, when a patch is applied to the global zone, it will not be applied to a zone built using this method, even if the patch is for a package which is marked "ALLZONES=true." Note that this method would not be supported by Sun for the following reasons: 1) It uses functionality which is not yet supported by Sun (Branded Zones). 2) It requires you to edit system files which you shouldn't edit; the syntax of those files can change. 3) Eventually, a patch will modify the kernel and libc (or other kernel-dependent libs) in such a way that they will be incompatible with the 'cbe' brand. At that point the zone may no longer work until the 'cbe' brand is modified. However, if those doesn't bother you, or if you want to learn more about how zones *really* work, take a look: http://www.opensolaris.org/os/project/xfce/building_xfce/brandzbuild/ -------------------------------------------------------------------------- Jeff VICTOR Sun Microsystems jeff.victor @ sun.com OS Ambassador Sr. Technical Specialist Solaris 10 Zones FAQ: http://www.opensolaris.org/os/community/zones/faq -------------------------------------------------------------------------- _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
-- Gael Martinez
_______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
