On Tue 12 Dec 2006 at 10:47AM, Glenn Faden wrote:
> Names pipes may be used between zones when Trusted Extensions is
> enabled. The policy for data flow between zones is generally more
> restrictive when TX is enabled, but in this case it is slightly more
> open. The specific policy difference is implemented in the function
Thanks Glenn. Is there any reason not to make this work for all zones,
not just TX ones?
I don't see a security risk here, since explicit administrator
intervention is needed fromt he global zone to set this up. I'm
not sure I follow all the bit about lofs though-- what would be
the set of steps needed to set this up from the global zone,
if this actually worked?
OTOH, it all seems a bit hokey. Steffen, what problem are you
trying to solve? Why not just use sockets?
Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp
zones-discuss mailing list