On Mon, Feb 01, 2010 at 06:48:00PM -0800, Alan Coopersmith wrote: > Edward Pilatowicz wrote: > > if you're tring to run gdm in the zone to access local hardware > > (graphics card, keyboard, mouse, etc) that will be a difficult, since X > > now uses hal (which depends on dbus) to discover hardware. i'm not sure > > how you could work around this (my X foo is not that strong). > > Xorg only uses HAL to find input devices, and that can be overridden in > xorg.conf. >
good to know. > I'd think the lack of access in a local zone to the devices in /dev that X > requires would be a much bigger obstacle (and rightly so, since letting those > into a local zone would allow that zone to take over the computer - it's bad > enough that /dev/xsvc exists at all in the global zone, much less giving a > local zone access to directly control every PCI device on the computer, > including all your NIC's and storage controllers). > very true. i made my comment because i know that in the past some folks had thrown security concerns to the wind, added a bunch of devices to a zone, and run the X server from the zone. it's not a supported config, we don't document it, we don't recommend it, i've never done it, but iirc at some point in the past people made it work. i should have qualified my statements about this configuration a bit more... ed _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
