Jeff Victor writes:
> On Thu, Feb 19, 2009 at 9:54 AM, Timothy Kennedy
> <timothy.kenn...@sun.com> wrote:
> >
> > Nicolas Dorfsman wrote:
> >>
> >> It would be a great idea to have an easy solution to give these privileges
> >> to a zone.
> >
> > in zonecfg for a given zone,
> > set limitpriv=default,proc_lock_memory,proc_priocntl,sys_time
> >
> > David Comay has an interesting blog post on this that can be found
> > here: http://blogs.sun.com/comay/entry/privilege_set_me_free
> > that explains the reasons for permissions additional to sys_time.
>
> Here's another one: http://blogs.sun.com/JeffV/entry/shrink_wrap_security1 .
>
> You'd think I would have updated the FAQ by now... :-(
>
> I just updated it, but changed it to "NTP client". I don't know NTP
> well enough to know if a zone can be an NTP *server*. If anyone knows
> Sun's position on this, I will add it to the FAQ.

Being a server is easier than being a client. Clients have to adjust
the local system time, or they're not doing anything useful. A server
can broadcast the time without actually being in control of the local
system time ("disable pll").

-- 
James Carlson, Solaris Networking <james.d.carl...@sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
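
Added example, not part of the original thread: a shell check that reports which of the three NTP-client privileges quoted above (proc_lock_memory, proc_priocntl, sys_time) a zone's limitpriv value fails to grant. The function names, the sample values and the "limitpriv: ..." output format of `zonecfg -z <zone> info limitpriv` are assumptions, as is treating "default" as containing none of the three.

```shell
#!/bin/sh
# Added example (not from the thread): check a zone's limitpriv value for the
# three privileges the thread adds for an NTP client.
NTP_PRIVS="proc_lock_memory proc_priocntl sys_time"

# Read `zonecfg -z <zone> info limitpriv` output on stdin and print the value.
# Assumed output format: "limitpriv: default,sys_time".
limitpriv_from_info() {
    sed -n 's/^[[:space:]]*limitpriv:[[:space:]]*//p'
}

# Print the NTP-client privileges that LIMITPRIV ($1) does not grant.
# Tokens are applied left to right; "-priv" or "!priv" removes a privilege.
# Assumption: "default" contains none of the three.
ntp_missing_privs() {
    missing=""
    for need in $NTP_PRIVS; do
        have=0
        old_ifs=$IFS; IFS=,
        for tok in $1; do
            case $tok in
                "$need") have=1 ;;
                "-$need"|\!"$need") have=0 ;;
            esac
        done
        IFS=$old_ifs
        [ "$have" -eq 1 ] || missing="${missing:+$missing }$need"
    done
    printf '%s\n' "$missing"
}

# Constructed sample values standing in for real zonecfg output.
for sample in \
    "limitpriv: default,proc_lock_memory,proc_priocntl,sys_time" \
    "limitpriv: default,sys_time" \
    "limitpriv: default,sys_time,proc_priocntl,!sys_time"
do
    value=$(printf '%s\n' "$sample" | limitpriv_from_info)
    missing=$(ntp_missing_privs "$value")
    printf '%-60s missing: %s\n' "$value" "${missing:-none}"
done
```

On a real global zone the input would come from `zonecfg -z <zone> info limitpriv | limitpriv_from_info`.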