Piotr Jasiukajtis wrote: > 2008/6/26, Darren J Moffat <darrenm at opensolaris.org>: >> Piotr Jasiukajtis wrote: >> >>> Hi, >>> >>> is there any way to hide informations about zfs filesystems (like 'zfs >>> list', 'zfs get') to the users in the global zone? >>> >> No there isn't. >> >> Why do you think this is actually useful ? or put another way what >> perceived risk are you trying to protect against ?
> Well, I would like to give someone access to the global zone and to > hide as much as possible. Why do they need access to the global zone at all then ? > It would be usefully to have privileges like 'PRIV_PROC_INFO' but > addressed to ZFS filesystems. I don't think privileges is the correct way to address this. The FMAC project on OpenSolaris may eventually be able to provide the type of very fine grained restrictions you want though. -- Darren J Moffat
