The hostname for the local zone must be the same as the all-zones address.
Really, there's no such thing as an address "in the global zone" for
all-zones; it's really in all zones.

The additional address in the local zone must be *additional*; it cannot
be the hostname.


>Date: Fri, 18 May 2007 09:19:25 +0100
>From: Darren J Moffat <Darren.Moffat at sun.com>
>Subject: Re: [security-discuss] BSM Bug?
>To: Robert Bailey <robert.bailey at mac.com>
>Cc: security-discuss at opensolaris.org
>
>Robert Bailey wrote:
>> I was wondering if anyone has run into this.  I have two TX systems, 
>> each with the same BSM configuration, that has zonename enabled.
>> On one TX system I have my local zones configured to run without IP 
>> addresses.  In the global, there is one IP for all-zones, one without the 
>> all-zones tag.  This system can report via BSM, on all transactions 
>> within a local zone.
>> 
>> The second system has the same BSM configuration, but for the local 
>> zone configuration there is an IP on the local zone, the global has one 
>> with an all-zones.  This system does not report any audit trail for the 
>> local zone except for one entry for zoneadmd.
>
>Can you send the output of `auditconfig -lspolicy` for both machines?
>Also ifconfig -a from the global zone for both machines.
>
>If I understand correctly you have: `auditconfig -setpolicy +zonename` 
>for both but have only a global zone audit log configured?
>
>
>
>-- 
>Darren J Moffat