On Thu, 05 Aug 2010 14:03:20 +0200, Richard L. Hamilton <rlha...@smart.net> 
wrote:

>> I would like to upgrade a Thumper we use as a staging
>> server for backups form Solaris 10 to OpenSolaris.  The backup
>> application (NetVault) is only supported on Solaris.
>>
>> So my question is: can a branded Solaris 10 zone
>> access the external
>> tape vault?  If so are there likely to be any issues
>> with running an application like NetVault within a branded zone?
>
> Devices can be assigned to zones.  With a disk, that could
> be a security issue (a corrupted filesystem could crash the whole
> system, for example).  A tape probably wouldn't be as much
> of a threat, but that's not the same as saying it would be safe.
> In general, one should consider very carefully the security and
> reliability implications of assigning devices to zones.

the problem with exporting the tape device to a NGZ, which although
not "supported" can be achived as you mention,
is that there's no way to exclusive assign that particular tape device 
to a particular NGZ or to restrict access from the GZ or any other
NGZ to that same tape device. that might become a problem
if several different users try to use that tape from different
NGZs or a NGZ and the GZ, that access may produce a somewhat
questionable end result that care must be taken here when
setting up such configuration.

---
frankB
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to