I have posted a new version of the Trusted Extensions Zone Manager script which incorporates all of the functionality of the old Network Manager script, txnetmgr, as well as some new features. The URL is still http://opensolaris.org/os/community/security/projects/tx/txzonemgr .

There is a new item, Manage Network Interfaces, in the first dialog. This provides additional dialogs to create new logical interfaces, to assign trusted networking templates, and to share interfaces with all zones.

There are two new items to set the limit privileges for a zone. The first item, Permit Relabeling, adds the required privileges to permit file relabeling and multilevel drag and drop (in CDE). To restore the limit privileges back to the default set, use the new item, Deny Relabeling. Both of these are only available when the zone is installed, but not halted.

There is a new item, Add Network..., that provides a dialog for adding additional interfaces to a zone. Again, the zone must be halted to use this option.

The Initialize item is no longer selectable. Instead, the initialize logic occurs automatically after the zone is installed. The script assigns the new zone the same nameservice configuration as the global zone. If the global zone is not an LDAP client, then the global zone passwd and shadow files are loopback mounted (read-only) into each zone to support ssh, which requires credentials that are not cached by nscd. This is not done for LDAP clients since the credentials are provided by the Directory Server from the labeled zone.

The new script will also work with any label encodings file, but requires a recent version of the chk_encodings program to determine the maximum label in the encodings. This is available in Nevada, but not yet in Solaris 10. To determine if you have the latest version, try:

    chk_encodings -X

The new versions of txzonemgr and chk_encodings should be in the next Solaris 10 update and the next Solaris Express release.

This message posted from opensolaris.org
