James Carlson wrote:

Enda o'Connor - Sun Microsystems Ireland - Software Engineer writes:
What is the impact on the use of non-global zones and trusted Solaris?

i.e. if I install trusted Solaris, are there any restrictions on the use of non-global zones, especially with respect to networking?

In effect, you can't use any independent zones on a Solaris system
with TX (Trusted Extensions) installed.

Each zone on a TX system represents a security label.  The system as a
whole (the global zone and _all_ of the non-global zones) appears as a
unified system with multiple labels to the user.  This means that
zones on a TX system are essentially an implementation detail, and
can't be used to create independent Solaris environments.

Right. Solaris TX uses zones differently. Instead of using zones as independent, separate containers, TX uses zones as compartments that segregate objects with different sensitivity labels on the system. Users can log into non-global zones based on their clearance. Each zone has networking capabilities similar to that on a regular Solaris system. On a TX system, all network communications (including inter-zone communications) are controlled by a labeled security policy.

Jarrett

