On Thu, 05 Aug 2010 14:03:20 +0200, Richard L. Hamilton <[email protected]> wrote:
>> I would like to upgrade a Thumper we use as a staging >> server for backups form Solaris 10 to OpenSolaris. The backup >> application (NetVault) is only supported on Solaris. >> >> So my question is: can a branded Solaris 10 zone >> access the external >> tape vault? If so are there likely to be any issues >> with running an application like NetVault within a branded zone? > > Devices can be assigned to zones. With a disk, that could > be a security issue (a corrupted filesystem could crash the whole > system, for example). A tape probably wouldn't be as much > of a threat, but that's not the same as saying it would be safe. > In general, one should consider very carefully the security and > reliability implications of assigning devices to zones. the problem with exporting the tape device to a NGZ, which although not "supported" can be achived as you mention, is that there's no way to exclusive assign that particular tape device to a particular NGZ or to restrict access from the GZ or any other NGZ to that same tape device. that might become a problem if several different users try to use that tape from different NGZs or a NGZ and the GZ, that access may produce a somewhat questionable end result that care must be taken here when setting up such configuration. --- frankB _______________________________________________ zones-discuss mailing list [email protected]
