Hi! I have a project where I need to run untrusted code contained in a local zone. As the code is untrusted the less resources I give to such a zone the safer I feel. Networking in general, is one such resource. I don't want zone to have access to anything but a loopback interface.
Unfortunately, the data for an untrusted code comes from a r/o NFS mount. I know that I can't mount NFS shares into roots of the zones directly (nor can I use lofs). What options do I still have left? Any ideas? Thanks, Roman. P.S. And just out of curiosity: what is the actual reason for not allowing NFS mounts into local zone roots? With all the traffic devoted to this feature I'm yet to see an explanation of why it wasn't allowed in the first place. _______________________________________________ zones-discuss mailing list firstname.lastname@example.org