James Carlson wrote:
Right. Solaris TX uses zones differently. Instead of using zones as
containers, TX uses zones as compartments that segregate objects with
labels on the system. Users can log into non-global zones based their
clearance. Each zone
has networking capabilities simialr to that on a regular Solaris system.
On a TX system, all
network communications (including inter-zone communications) are
controlled by a labeled
Enda o'Connor - Sun Microsystems Ireland - Software Engineer writes:
What is the impact on the use of non-global zones and trusted Solaris?
i.e. if I install trusted Solaris, are there any restrictions on the use
of non-global zones, expecially with respect to networking?
In effect, you can't use any independent zones on a Solaris system
with TX (Trusted Extensions) installed.
Each zone on a TX system represents a security label. The system as a
whole (the global zone and _all_ of the non-global zones) appears as a
unified system with multiple labels to the user. This means that
zones on a TX system are essentially an implementation detail, and
can't be used to create independent Solaris environments.
zones-discuss mailing list