> > I'd like to have some discussion of the System D-Bus in a TX environment
> > - sorry for the long To: list but I'm not sure all the people with D-Bus
> > and TX experience are necessarily on security-discuss.
> >
> > Currently zones that represent TX labels have a session D-Bus but no
> > access to the system D-Bus.
> >
> > * What could we gain by providing access to the system D-Bus in a
> > labeled zone ?
> > What would work that is useful that doesn't now ?
> > What new things could we do using D-Bus that would benefit labeled
> > zones ?
> > Are there existing things we could solve easier ?
>
> Artem should confirm since he knows better than I, but I think the only
> thing that uses the system bus on Solaris is HAL. So, I suspect that
> removable media support in zones may not work in a reasonable way.
> But it's perhaps also unclear how removable media should be mounted
> in a multi-zone environment.

So Y'all know that there's a Solaris Hardening Program (which includes TX) project that's been underway for a while working with various folk on "device allocation", so if HAL and devices are part of the commentary from Darren, I suggest that whoever is interested in carrying on the discussion contact Craig Payne as he's managing the work.

Gary..