James Carlson <[EMAIL PROTECTED]>
> Cc: firstname.lastname@example.org
> Date: Fri, 04 May 2007 07:04:14 EDT
> Subject: Re: [zones-discuss] pidentd
>[EMAIL PROTECTED] writes:
>> I would like to have users on a zone, but we use pidentd to control some
>> network connections.
>> It seems that pidentd doesn not work on zones as it can't open kmem.
>> Is there any way to make it work ?
>Opening /dev/kmem in the zone wouldn't be a good thing to do --
>there's only one kernel, and that would break the security model.
>Besides, everything visible via /dev/kmem is just an implementation
>artifact; anything that depends on it hasn't been designed correctly
>and may fail at any time as the internal kernel code evolves.
>The right thing to do is to create a set of stable interfaces to get
>PID lists for sockets. We don't currently have such a thing in
>Solaris, but it looks like this is something that other programs (such
>as lsof) need.
That's a real pain as that prevent us to use zones as hosting servers for
- we are a school and we just want to identify connections. Starting with mail
Zones would break our identification model.
It would be real nice if some solution could be found.
zones-discuss mailing list