Jeff Victor writes:
> On Thu, Feb 19, 2009 at 9:54 AM, Timothy Kennedy
> <timothy.kenn...@sun.com> wrote:
> > Nicolas Dorfsman wrote:
> >> It would be a great idea to have a easy solution to give these privileges
> >> to a zone.
> > in zonecfg for a given zone,
> > set limitpriv=default,proc_lock_memory,proc_priocntl,sys_time
> > David Comay has an interesting blog post on this that can be found
> > here: http://blogs.sun.com/comay/entry/privilege_set_me_free
> > that explains the reasons for permissions additional to sys_time.
> Here's another one: http://blogs.sun.com/JeffV/entry/shrink_wrap_security1 .
> You'd think I would have updated the FAQ by now... :-(
> I just updated it, but changed it to "NTP client". I don't know NTP
> well enough to know if a zone can be an NTP *server*. If anyone knows
> Sun's position on this, I will add it to the FAQ.
Being a server is easier than being a client. Clients have to adjust
the local system time, or they're not doing anything useful. A server
can broadcast the time without actually being in control of the local
system time ("disable pll").
James Carlson, Solaris Networking <james.d.carl...@sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
zones-discuss mailing list