Gary Winiger writes: > > We can check if we're in the global zone in the smf start method > > (console-login); if not, disable all virtual console instances. > > In general services are delivered disabled. It would seem > more appropriate to enable the virtual instances when configured > rather than disable them where inappropriate.
We don't ship a system with the console itself disabled by default, do we? ;-} For ease of use, I'd rather see virtual console instances created and started when invoked from the keyboard, if that's at all possible. Having to preconfigure a set number of them feels way too much like the bad-old-days of BSD pseudoterminal allocation. Plus, the point where I'll need these things is almost certainly precisely the point where I'll be unable to start any. What is the security issue that's fixed by forcing explicit allocation of individual virtual console instances? Might that issue be better dealt with some sort of resource limit? -- James Carlson, KISS Network <james.d.carlson at sun.com> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
