Nicolas Dorfsman writes:
> Le 19 févr. 09 à 09:13, david.co...@sun.com a écrit :
> 
> >>> What is best practice here?
> >>
> >> Do not run {x}ntpd in the zones.
> >
> > Actually there is a use-case for doing so - given that it's a
> > network-facing appliction, one might want to run xntpd in a non-global
> > zone for isolation reasons.

To expound on that a bit: non-global zones can have access to networks
that the global zone cannot talk to.  In these cases, it's possible
for NTP to be configured to serve out time even if it can't manage the
time on the system.  The "disable pll" option in ntp.conf would be
used to set up such a server.

> +1
> 
> It would be a great idea to have a easy solution to give these  
> privileges to a zone._______________________________________________

See zonecfg(1M) ... that specific case is in the examples for the
"limitpriv" attribute.

-- 
James Carlson, Solaris Networking              <james.d.carl...@sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to