Dan Price wrote:
> On Wed 19 Sep 2007 at 06:05PM, Sebastien Roy wrote:
>> I'm working on adding a new service which runs in a non-global zone, and
>> which uses a control device in /dev. How do I arrange for this /dev node
>> to appear in non-global zones?
> Check out /usr/lib/brand/native/platform.xml, which defines which
> devices should appear in native brand non-global zones.
Thanks for the pointer.
> You should also think about which privileges your device needs, and
> whether zones have those privs (or don't, as appropriate). Any pseudo
> device going into a zone should also get a very thorough security
> We can help-- feel free to follow up here, or offline.
Thanks! I'm currently entertaining two different possible design options
for this daemon. The first is as mentioned above; having a separate
daemon in the non-global zone which accesses a common kernel control
module. The second is having a single daemon living in the global zone
and having the library used to access the daemon's interfaces access the
global daemon from non-global zones using a door. Are there examples of
the latter approach in other ON services?
zones-discuss mailing list