>> >I'd sort of like to know how it does that reliably ... does it fork
>> >and enter the zone?
>> It does not resolve names local to the local zones; but it can easily
>> find all the appropriate uids and processes.  No different from traditional
>> Solaris with multiple interfaces.
>Oh.  I thought that pidentd was supposed to resolve UIDs locally.
>That's one of the features of the protocol; it provides "here's who
>*I* think the user is" information back to the requester.

I did not get around to implementing that bit; it was more a

It could return uids in that case as well (should be sufficient for
most purposes; in some cases the daemon returns only encrypted uids anyway)

>> >In any event, I think that getting something other than /dev/kmem for
>> >these sorts of applications (pidentd isn't the only one; there's also
>> >lsof and probably ntop as well) would be a _very_ nice thing to have.
>> Yep.  But defining an interface is hairy, especially considering locking
>> and performance.

It might not be that difficult, as long as we can just use the
cred/pid stored in the tcp_t structure and either "trust" that or
verify it.

zones-discuss mailing list