Michael Barto wrote:

> This  probably sacrilege, but some of these zone
> security issues might 
> be better served with Secure Solaris,  if the
> security requirements are 
> this extreme (e.g . DOD). Adding complex security
> always add complex 
> overhead. On the other hand locking out the global
> zone to all purposes 
> and administrators except for managing zones (nothing
> else) creates less 
> security overhead. Diving servers into manage sets
> (this group, that 
> group, accounts payable, accounts receivable) instead
> of sharing between 
> groups can also keep the security overhead low.
> Everyone thinks they can 
> write programs to correct bad management instead of
> trying to correct 
> bad management.

I assume by *Secure Solaris* you are referring to Solaris Trusted Extensions 
(TX). As you point out the TX model for administration is completely different 
from standard Solaris. The global zone is only available to administrative 
roles. Normal users, non-global zones, and untrusted hosts cannot login to the 
global zone. Roles may be assumed via trusted desktop menus. RBAC roles are 
used for separation of duty, and zones are even more isolated from each other 
than in the standard Solaris configuration. No data flows between zones are 
permitted unless explicitly granted and managed by a global zone administrator. 
This message posted from opensolaris.org
zones-discuss mailing list

Reply via email to