Re: [zones-discuss] Zone management

2008-07-24 Thread Ellard Roush
Hi Nathan, The Sun Cluster organization is introducing a new "cluster" Brand zone, that is based upon the "native" Brand zone plus hooks for Sun Cluster. It would be nice if the design were flexible enough so that we could leverage your proposed tools for a Brand zone other than "native", or at le

Re: [zones-discuss] Zone management

2008-07-23 Thread Tim Spriggs
I have built a little code that allows a user to request a zone from a pre-configured pool of zones. When the user requests a zone the zone is cloned from a base zone. The user is then free to enter the zone and is root once inside the zone. From there the user can reboot/manage smf/etc. I orig

Re: [zones-discuss] zone management and security

2006-10-14 Thread Brian Kolaci
Dan Price wrote: On Fri 13 Oct 2006 at 02:04PM, Brian Kolaci wrote: [EMAIL PROTECTED] wrote: I propose that zlogin be split into two different programs, one for console access and one for running programs and/or shell. A simple way to do this (and would be backward compatible) would be to cre

Re: [zones-discuss] zone management and security

2006-10-13 Thread Dan Price
On Fri 13 Oct 2006 at 02:04PM, Brian Kolaci wrote: > [EMAIL PROTECTED] wrote: > >>I propose that zlogin be split into two different programs, one > >>for console access and one for running programs and/or shell. > >>A simple way to do this (and would be backward compatible) would be to > >>create a

Re: [zones-discuss] zone management and security

2006-10-13 Thread Brian Kolaci
I think the customer would be very interested in this tool, however one of the gripes is that things of this nature aren't built in and that they have to construct 'add-ons' to build a base SOE system. Glenn Brunette wrote: Brian, It was basically for this reason that I wrote up a small tool c

Re: [zones-discuss] zone management and security

2006-10-13 Thread Brian Kolaci
[EMAIL PROTECTED] wrote: I propose that zlogin be split into two different programs, one for console access and one for running programs and/or shell. A simple way to do this (and would be backward compatible) would be to create a hard link to zlogin, say 'zconsole' that when it is executed the p

Re: [zones-discuss] zone management and security

2006-10-13 Thread Paul Kraus
On 10/13/06, Michael Barto <[EMAIL PROTECTED]> wrote: This is probably sacrilege, but some of these zone security issues might be better served with Secure Solaris, if the security requirements are this extreme (e.g. DOD). Adding complex security always adds complex overhead. On the other hand l

Re: [zones-discuss] zone management and security

2006-10-13 Thread Glenn Brunette
Brian, It was basically for this reason that I wrote up a small tool called rzlogin a while back. This particular tool was focused solely on restricting access to zone console logins, but it did leverage some of the ideas called out by David Comay in 4963290 - namely using Solaris authorization

Re: [zones-discuss] zone management and security

2006-10-13 Thread David . Comay
I propose that zlogin be split into two different programs, one for console access and one for running programs and/or shell. A simple way to do this (and would be backward compatible) would be to create a hard link to zlogin, say 'zconsole' that when it is executed the program can test arg0 and a

Re: [zones-discuss] zone management and security

2006-10-13 Thread Brian Kolaci
It's more of a separation of duties. The zone management admin is not necessarily the same person as the application admin in a local zone (however it could be the same person, then this particular item would be moot). The management is bad, but that's just the way it is and always was. Audit req

Re: [zones-discuss] zone management and security

2006-10-13 Thread Brian Kolaci
Jeff Victor wrote: Brian Kolaci wrote: Jeff Victor wrote: Brian Kolaci wrote: IHAC that is looking to split out zone management roles. The zone administrator creates and manages the local zones however that person should not be able to see the data in the zone for security purposes. They

Re: [zones-discuss] zone management and security

2006-10-13 Thread Michael Barto
This is probably sacrilege, but some of these zone security issues might be better served with Secure Solaris, if the security requirements are this extreme (e.g. DOD). Adding complex security always adds complex overhead. On the other hand locking out the global zone to all purposes and adminis

Re: [zones-discuss] zone management and security

2006-10-13 Thread Jeff Victor
Brian Kolaci wrote: Jeff Victor wrote: Brian Kolaci wrote: IHAC that is looking to split out zone management roles. The zone administrator creates and manages the local zones however that person should not be able to see the data in the zone for security purposes. They should only be able t

Re: [zones-discuss] zone management and security

2006-10-13 Thread Brian Kolaci
Jeff Victor wrote: Brian Kolaci wrote: IHAC that is looking to split out zone management roles. The zone administrator creates and manages the local zones however that person should not be able to see the data in the zone for security purposes. They should only be able to manipulate the res

Re: [zones-discuss] zone management and security

2006-10-13 Thread Jeff Victor
Brian Kolaci wrote: IHAC that is looking to split out zone management roles. The zone administrator creates and manages the local zones however that person should not be able to see the data in the zone for security purposes. They should only be able to manipulate the resources assigned to th