>[EMAIL PROTECTED] writes:
>> >I'd sort of like to know how it does that reliably ... does it fork
>> >and enter the zone?
>>
>> It does not resolve names local to the local zones; but it can easily
>> find all the appropriate uids and processes. No different from traditional
>> Solaris with multiple interfaces.
>
>Oh. I thought that pidentd was supposed to resolve UIDs locally.
>That's one of the features of the protocol; it provides "here's who
>*I* think the user is" information back to the requester.

I did not get around to implementing that bit; it was more a
proof-of-concept. It could return uids in that case as well (should be
sufficient for most purposes; in some cases the daemon returns only
encrypted uids anyway)

>> >In any event, I think that getting something other than /dev/kmem for
>> >these sorts of applications (pidentd isn't the only one; there's also
>> >lsof and probably ntop as well) would be a _very_ nice thing to have.
>>
>>
>> Yep. But defining an interface is hairy, especially considering locking
>> and performance.
>
>*sigh*

It might not be that difficult, as long as we can just use the cred/pid
stored in the tcp_t structure and either "trust" that or verify it.

Casper
_______________________________________________
zones-discuss mailing list
email@example.com