James Carlson <[EMAIL PROTECTED]>
> Cc: zones-discuss@opensolaris.org
> Date: Fri, 04 May 2007 07:04:14 EDT
> Subject: Re: [zones-discuss] pidentd

>[EMAIL PROTECTED] writes:
>> I would like to have users on a zone, but we use pidentd to control some
>> network connections.
>> It seems that pidentd does not work on zones as it can't open kmem.
>>
>> Is there any way to make it work?
>
>Essentially, no.
>
>Opening /dev/kmem in the zone wouldn't be a good thing to do --
>there's only one kernel, and that would break the security model.
>Besides, everything visible via /dev/kmem is just an implementation
>artifact; anything that depends on it hasn't been designed correctly
>and may fail at any time as the internal kernel code evolves.
>
>The right thing to do is to create a set of stable interfaces to get
>PID lists for sockets. We don't currently have such a thing in
>Solaris, but it looks like this is something that other programs (such
>as lsof) need.

That's a real pain, as that prevents us from using zones as hosting servers for users:
- we are a school and we just want to identify connections. Starting with mail sending.

Zones would break our identification model.

It would be real nice if some solution could be found.

f.g.