James Carlson <[EMAIL PROTECTED]>
> Cc: zones-discuss@opensolaris.org
> Date: Fri, 04 May 2007 07:04:14 EDT
> Subject: Re: [zones-discuss] pidentd

>> I would like to have users on a zone, but we use pidentd to control some 
>> network connections.
>> It seems that pidentd does not work on zones as it can't open kmem.
>> Is there any way to make it work ?
>Essentially, no.
>Opening /dev/kmem in the zone wouldn't be a good thing to do --
>there's only one kernel, and that would break the security model.
>Besides, everything visible via /dev/kmem is just an implementation
>artifact; anything that depends on it hasn't been designed correctly
>and may fail at any time as the internal kernel code evolves.
>The right thing to do is to create a set of stable interfaces to get
>PID lists for sockets.  We don't currently have such a thing in
>Solaris, but it looks like this is something that other programs (such
>as lsof) need.

That's a real pain as that prevents us from using zones as hosting servers for
users:
- we are a school and we just want to identify connections. Starting with mail 
Zones would break our identification model. 
It would be really nice if some solution could be found.

