Dan Price wrote:
> On Tue 12 Dec 2006 at 10:47AM, Glenn Faden wrote:
>> Named pipes may be used between zones when Trusted Extensions is
>> enabled. The policy for data flow between zones is generally more
>> restrictive when TX is enabled, but in this case it is slightly more
>> open. The specific policy difference is implemented in the function
>> tsol_fifo_access().
>
> Thanks Glenn.  Is there any reason not to make this work for all zones,
> not just TX ones?

In my opinion, this fix should apply to regular zones, not just TX. But I wasn't sure of the impact when I did this. Note that without this fix, even within a single zone, you can't create a named pipe between two processes if one is referencing the pathname through a lofs mount and the other is not.

> I don't see a security risk here, since explicit administrator
> intervention is needed from the global zone to set this up.  I'm
> not sure I follow all the bit about lofs though-- what would be
> the set of steps needed to set this up from the global zone,
> if this actually worked?

Somebody in the global zone (or zoneadmd) has to make the named pipe rendezvous appear in the other zone. So two zones can't do this on their own. That's the restriction that TX requires.

> OTOH, it all seems a bit hokey.  Steffen, what problem are you
> trying to solve?  Why not just use sockets?

Some of our customers like the fact that the flow of information is unidirectional. You can't get that with sockets.

--Glenn
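The thread turns on the FIFO "rendezvous": a reader and a writer that open the same named pipe through different pathnames must end up on the same underlying object for the open() calls to pair up, and Glenn notes that without the fix this pairing fails when one side reaches the pipe through a lofs mount. The following C program is an added illustration of that mechanics on an ordinary POSIX filesystem; it is not code from the thread, from Solaris or from Trusted Extensions, and it stands in a symlink for the second pathname because a lofs mount is not available outside Solaris. It creates a FIFO, gives it an alias, has a forked child write through the alias while the parent reads through the canonical path, and reports whether the one-way transfer completed.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example, not Solaris/TX code. The alias is a symlink standing in
 * for the second view of the pipe (the lofs-mounted path in the thread).
 * Returns 1 if the writer on the alias and the reader on the real path
 * rendezvous and the message arrives intact, 0 otherwise. */
int fifo_rendezvous_via_alias(void)
{
    char dir[] = "/tmp/fifo-demo-XXXXXX";   /* constructed scratch location */
    char fifo_path[64], alias_path[64], buf[16];
    const char msg[] = "ping";
    int rfd, ok = 0;
    pid_t pid;

    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(fifo_path, sizeof fifo_path, "%s/fifo", dir);
    snprintf(alias_path, sizeof alias_path, "%s/alias", dir);

    if (mkfifo(fifo_path, 0600) != 0 || symlink(fifo_path, alias_path) != 0)
        goto cleanup;

    pid = fork();
    if (pid < 0)
        goto cleanup;
    if (pid == 0) {
        /* Writer side: open() on the alias blocks until a reader opens
         * the same pipe, so a successful open *is* the rendezvous. */
        int wfd = open(alias_path, O_WRONLY);
        if (wfd < 0)
            _exit(1);
        ssize_t n = write(wfd, msg, sizeof msg);  /* 5 bytes, atomic on a pipe */
        close(wfd);
        _exit(n == (ssize_t)sizeof msg ? 0 : 1);
    }

    /* Reader side: open the canonical path; data flows only writer -> reader. */
    rfd = open(fifo_path, O_RDONLY);
    if (rfd < 0) {
        kill(pid, SIGKILL);        /* don't leave the writer blocked in open() */
    } else {
        ssize_t n = read(rfd, buf, sizeof buf);
        ok = (n == (ssize_t)sizeof msg && memcmp(buf, msg, sizeof msg) == 0);
        close(rfd);
    }
    waitpid(pid, NULL, 0);

cleanup:
    unlink(alias_path);
    unlink(fifo_path);
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("rendezvous through alias: %s\n",
           fifo_rendezvous_via_alias() ? "ok" : "failed");
    return 0;
}
```

On a single filesystem the symlink and the real path resolve to the same vnode, so the open() calls pair up and the program prints "ok". The situation Glenn describes is the case where the two pathnames do not resolve to the same object from the kernel's point of view, which is exactly what tsol_fifo_access() has to reconcile, and why someone in the global zone has to arrange the shared view before two zones can use a pipe at all.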


_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org