Hi Dan,

Dan Price wrote:
> On Wed 19 Sep 2007 at 06:05PM, Sebastien Roy wrote:
>> I'm working on adding a new service which runs in a non-global zone, and 
>> which uses a control device in /dev.  How do I arrange for this /dev node 
>> to appear in non-global zones?
> Check out /usr/lib/brand/native/platform.xml, which defines which
> devices should appear in native brand non-global zones.

Thanks for the pointer.

> You should also think about which privileges your device needs, and
> whether zones have those privs (or don't, as appropriate).  Any pseudo
> device going into a zone should also get a very thorough security
> evaluation.


> We can help-- feel free to follow up here, or offline.

Thanks!  I'm currently entertaining two different possible design options 
for this daemon.  The first is as mentioned above; having a separate 
daemon in the non-global zone which accesses a common kernel control 
module.  The second is having a single daemon living in the global zone 
and having the library used to access the daemon's interfaces access the 
global daemon from non-global zones using a door.  Are there examples of 
the latter approach in other ON services?

zones-discuss mailing list

Reply via email to