>That said, I can't think of any better answers, short of loopback mounting >all of /etc into each zone in some alternate location, and then making >/etc/passwd and /etc/shadow (and maybe other things) be symlinks. Of >course, you'd want to remove /usr/bin/passwd in that case, but that's a >good idea anyway, for reasons you already described.
How would we get around the fact that the global zone /etc might have information we do not want the local zones to have? ike keys, ipsec information, possibly some hostnames and addresses, configuration in /etc/dt, apache configuration, lots of things come to mind. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Jan Parcel, Sustaining, Trusted OE Internal Trusted Support Pages: http://trusted.sfbay
