On Tue 12 Dec 2006 at 10:47AM, Glenn Faden wrote:
> Names pipes may be used between zones when Trusted Extensions is
> enabled. The policy for data flow between zones is generally more
> restrictive when TX is enabled, but in this case it is slightly more
> open. The specific policy difference is implemented in the function
> tsol_fifo_access().

Thanks Glenn.  Is there any reason not to make this work for all zones,
not just TX ones?

I don't see a security risk here, since explicit administrator
intervention is needed fromt he global zone to set this up.  I'm
not sure I follow all the bit about lofs though-- what would be
the set of steps needed to set this up from the global zone,
if this actually worked?

OTOH, it all seems a bit hokey.  Steffen, what problem are you
trying to solve?  Why not just use sockets?


Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp
zones-discuss mailing list

Reply via email to