Menno Lageman wrote:
Robert Gordon wrote:

So could we all agree that:

An NFS Server in a zone means that the namespace it exports is restricted to that zone only. By that i mean no global zone access to that namespace,
 nor would that namespace be re-exported within another NFS Server zone
 instance ?

I have some trouble parsing that, but my perception of the desired behaviour is: - a zone can only export resources that are within that zone (i.e. everything below it's zonepath), - a resource exported from a zone, may not at the same time be exported from the global zone; i.e. if zone a exports /export/foo then /zones/a/root/export/foo may not be exported by the global zone) - zone A and zone B may both export their own /export/foo since those are two distinct resources.

and also that the NFSMAPID_DOMAIN may be different for each zone.
and all security modes are available to all zones, in particular each zone that is an NFS server maybe in a different Kerberos REALM.

Darren J Moffat
zones-discuss mailing list

Reply via email to