I tried the kill and AFAICT root in the global zone can kill a process
in a non-global zone:
OK. I must be misremembering this. I thought the restriction was
more complex than that.
Within the global zone, the ability to kill a process in a non-global
zone is controlled by the "proc_zone" privilege. Normally, only a user
with all privileges will have this ability unless modified via RBAC.
zones-discuss mailing list