Hi Dan,

Dan Price wrote:
> On Wed 19 Sep 2007 at 06:05PM, Sebastien Roy wrote:
>> I'm working on adding a new service which runs in a non-global zone, and
>> which uses a control device in /dev. How do I arrange for this /dev node
>> to appear in non-global zones?
>
> Check out /usr/lib/brand/native/platform.xml, which defines which
> devices should appear in native brand non-global zones.

Thanks for the pointer.

> You should also think about which privileges your device needs, and
> whether zones have those privs (or don't, as appropriate). Any pseudo
> device going into a zone should also get a very thorough security
> evaluation.

Absolutely.

> We can help-- feel free to follow up here, or offline.

Thanks! I'm currently entertaining two different possible design options for this daemon. The first is as mentioned above; having a separate daemon in the non-global zone which accesses a common kernel control module. The second is having a single daemon living in the global zone and having the library used to access the daemon's interfaces access the global daemon from non-global zones using a door. Are there examples of the latter approach in other ON services?

-Seb

_______________________________________________
zones-discuss mailing list
[email protected]
