The scenario you are describing is exactly waht Solaris Trusted Extensions does. See:

http://www.opensolaris.org/os/community/security/projects/tx/

--Glenn

Rob Fisher wrote:

I asked this question before, but I never got a satisfactory answer. Seems 
there are a lot more people around with a lot deeper knowledge of zones, so it 
might just be worth asking it again.

Here's the scenario:

I have a laptop. When it boots, it gives you the console login: prompt. (I 
don't use dtlogin.) When you log in, obviously, you log in to the global zone. 
When you run xinit, your X session runs in the global zone.

What I want is to log in at the console, and be in a local zone. Then launch X, 
and have my session in a local zone.  I don't want to pass through the global 
zone at all. That should be locked down tight and hidden away.

Is this possible? Can the console login be attached to a zone?

I don't want XDMCP, scripts, zlogin, or anything like that, just a clean way of 
booting up, sitting down, logging in, and not being in the global zone. I can 
think of hacks to achieve the same result, but I'm interested in this from a 
theory viewpoint too.

Does anyone know if what I want to do is possible?

thanks


Rob


This message posted from opensolaris.org
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to