Le 19 févr. 09 à 14:02, James Carlson a écrit :

Nicolas Dorfsman writes:
Le 19 févr. 09 à 09:13, david.co...@sun.com a écrit :

What is best practice here?

Do not run {x}ntpd in the zones.

Actually there is a use-case for doing so - given that it's a
network-facing appliction, one might want to run xntpd in a non- global
zone for isolation reasons.

To expound on that a bit: non-global zones can have access to networks
that the global zone cannot talk to.  In these cases, it's possible
for NTP to be configured to serve out time even if it can't manage the
time on the system.  The "disable pll" option in ntp.conf would be
used to set up such a server.

Idea is to have one particular non-globale zone setting the time for the whole machine.


It would be a great idea to have a easy solution to give these
privileges to a zone._______________________________________________

See zonecfg(1M) ... that specific case is in the examples for the
"limitpriv" attribute.

I'll do.
I've said "easy".  ;-)

Attachment: smime.p7s
Description: S/MIME cryptographic signature

zones-discuss mailing list

Reply via email to