Michael Barto wrote:
> This is probably sacrilege, but some of these zone security issues might
> be better served with Secure Solaris, if the security requirements are
> this extreme (e.g. DOD). Adding complex security always adds complex
> overhead. On the other hand locking out the global zone to all purposes
> and administrators except for managing zones (nothing else) creates less
> security overhead. Dividing servers into managed sets (this group, that
> group, accounts payable, accounts receivable) instead of sharing between
> groups can also keep the security overhead low. Everyone thinks they can
> write programs to correct bad management instead of trying to correct
> bad management.

I assume by *Secure Solaris* you are referring to Solaris Trusted Extensions (TX). As you point out, the TX model for administration is completely different from standard Solaris. The global zone is only available to administrative roles. Normal users, non-global zones, and untrusted hosts cannot log in to the global zone. Roles may be assumed via trusted desktop menus. RBAC roles are used for separation of duty, and zones are even more isolated from each other than in the standard Solaris configuration. No data flows between zones are permitted unless explicitly granted and managed by a global zone administrator.

See:
http://opensolaris.org/os/community/security/projects/tx/

This message posted from opensolaris.org
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org