Jerry Jelinek wrote on 12/12/06 16:54:
Steffen Weiberle wrote:

Is it safe to generalize that non-LOFS file systems in Solaris 10 do not allow cross-zone interaction? procfs does not. namefs does not. tmpfs does not. sockfs does not. doors does not. What about all the others (I can't even name them all)?


One issue to be aware of with tmpfs is that a zone can consume all
of your swap space.  This is not a communication issue per se
but is a cross-zone issue if the zone is compromised.  We are solving
this with the new zone.max-swap rctl described here:

This new rctl is part of the overall zones/rm improvement project
we have been working on for a while now.

Thanks, Jerry! I am waiting with open arms :) for this, and memory sets, and swap sets, and IP instances! Oh, and CPU caps.

Wait, does this replace swap sets? Or is this a control to limit shared swap only? Maybe I can update that bullet item in my presentations!!

So, in addition to security concerns, this customer was also asking about DoS prevention or minimization, and these will all contribute to that ability.



