On Thu, 05 Aug 2010 14:03:20 +0200, Richard L. Hamilton <rlha...@smart.net>
>> I would like to upgrade a Thumper we use as a staging
>> server for backups form Solaris 10 to OpenSolaris. The backup
>> application (NetVault) is only supported on Solaris.
>> So my question is: can a branded Solaris 10 zone
>> access the external
>> tape vault? If so are there likely to be any issues
>> with running an application like NetVault within a branded zone?
> Devices can be assigned to zones. With a disk, that could
> be a security issue (a corrupted filesystem could crash the whole
> system, for example). A tape probably wouldn't be as much
> of a threat, but that's not the same as saying it would be safe.
> In general, one should consider very carefully the security and
> reliability implications of assigning devices to zones.
the problem with exporting the tape device to a NGZ, which although
not "supported" can be achived as you mention,
is that there's no way to exclusive assign that particular tape device
to a particular NGZ or to restrict access from the GZ or any other
NGZ to that same tape device. that might become a problem
if several different users try to use that tape from different
NGZs or a NGZ and the GZ, that access may produce a somewhat
questionable end result that care must be taken here when
setting up such configuration.
zones-discuss mailing list