That depends.

General IP filter settings may apply, depending on the rules, interface(s) used 
and defined, etc.

SMF properties are per zone, so that would be completely different. However, if 
you close a zone, the SMF configuration is copied over, not created from 
scratch. I am not 100% sure if the secure by default 
"service_profile=limited_net" /etc/sysidcfg configuration profile applies after 
cloning a 'hardened' zone. I alway set that for my zones, including my 'master' 
zone from which I clone most of my zones. I have never checked if I clone a SBD 
and set the clone to not be 'limited_net' (and I don't know what the 
alternative is--sysidcfg(5) does not include it), whether it will be 'secured' 
or 'open'.

Hardening by restricting the packages installed would apply, at least for 
system packages or for sparse (since you said Solaris 10) zones.

This message posted from
zones-discuss mailing list

Reply via email to