Tom Haynes wrote:

What about the case where the customer wants to administer the zone they 
and they do not want the global zone admins to have local access to their data?

That would violate basics of the zones model. The global zone admin has complete access to all devices attached to the system. How would you prevent the GZ admin from halting the zone, manually mounting the non-global zone's disk partitions into the global zone, and accessing the data?

Preventing the global zone from accessing certain hardware components would "open a very large can of worms."

Jeff VICTOR              Sun Microsystems            jeff.victor @
OS Ambassador            Sr. Technical Specialist
Solaris 10 Zones FAQ:
zones-discuss mailing list

Reply via email to