Erik,
thanks for this addition. I was going to ask this additional question, so you answered before I asked.


So with IP instances this might be available. James states that the sys_net_config priv is required in a zone to let dhcpd run. Will it change with IP instances so that this privilege will also be possible in a zone, or is this not required because each IP instance = each zone will have its own arp-table?

Detlef

Erik Nordmark wrote:
James Carlson wrote:
Jeff Victor writes:
Detlef Drewanz wrote:
I know dhcp-server and bootp-server were not possible to run in local zones. So now with S10 11/06 we can configure some more privileges into a zone. E.g. if I add the privilege net_raw_access to a zone, can I then run dhcp-server or dhcp-server in a local zone (because I should now be able to listen for broadcasts)?
Funny, I was wondering about that, and decided to attempt to resolve this today. If anyone has an answer, I'd like to hear it. But I'll be working on this today.

in.dhcpd does SIOCSXARP to hotwire the ARP entry, which means at least
sys_net_config is required.  sys_net_config is on the list of
privileges that cannot be added to a zone:

% grep sys_net_config /usr/lib/brand/native/config.xml
        <privilege set="prohibited" name="sys_net_config" />
%
It seems unlikely that this will work.

in.dhcpd does work with IP Instances though.

But this assumes, at least initially, that each exclusive-IP zone has a separate datalink name (e.g. bge1 vs. bge0, or bge33000). Thus it might not help until vnic support is added to Solaris.

   Erik



--
Detlef Drewanz            Systems Engineer/OS Ambassador
Sun Microsystems GmbH     Phone: (+49 30) 747096 856
Komturstrasse 18a         mailto:[EMAIL PROTECTED]
D-12099 Berlin            http://blogs.sun.com/solarium
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
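
The check James ran by hand with grep, generalized as an added example that is not part of the original thread: it tests a whole proposed privilege list against the brand's `set="prohibited"` entries before the zone is configured. The comma-separated list with `!`/`-` removal entries is assumed to follow zonecfg's `limitpriv` property; the sample file is constructed, and only its `sys_net_config` line comes from the thread.

```shell
#!/bin/sh
# Constructed sample in the format of the config.xml line quoted in the thread.
# Only the sys_net_config entry is from the thread; the others are made up.
write_sample_config() {
    cat > "$1" <<'EOF'
<brand name="native">
        <privilege set="prohibited" name="sys_net_config" />
        <privilege set="prohibited" name="example_priv_a" />
        <privilege set="default" name="example_priv_b" />
</brand>
EOF
}

# prohibited_in_limitpriv CONFIG LIMITPRIV
# Prints, one per line, every privilege in the comma-separated LIMITPRIV list
# that CONFIG marks set="prohibited". Returns 1 if any was printed, else 0.
prohibited_in_limitpriv() {
    cfg=$1
    hits=0
    # Assumes set= precedes name= on one line, as in the quoted grep output.
    banned=$(sed -n 's/.*<privilege[^>]*set="prohibited"[^>]*name="\([^"]*\)".*/\1/p' "$cfg")
    for p in $(printf '%s' "$2" | tr ',' ' '); do
        case $p in
            '!'*|-*) continue ;;   # removal entries cannot add a privilege
        esac
        for b in $banned; do
            if [ "$p" = "$b" ]; then
                printf '%s\n' "$p"
                hits=1
            fi
        done
    done
    [ "$hits" -eq 0 ]
}

# Demo on the constructed file; on a real system pass the brand's config.xml.
cfg=$(mktemp)
write_sample_config "$cfg"
if bad=$(prohibited_in_limitpriv "$cfg" "default,net_rawaccess,sys_net_config"); then
    echo "privilege list is acceptable for this brand"
else
    echo "prohibited for this brand: $bad"
fi
rm -f "$cfg"
```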