Ok, so virtual machines for x86 (VirtualBox, VMware, etc) does not necessarily 
give you additional security. "Security by virtualization is a failure":

I wonder, how does the Solaris Zone VM model compare to these? Can you use the 
same type of exploit on Zones? Are Zones vulnerable to what he talks of, are 
Zones more secure? Or, are all VMs insecure, no matter what model?

BTW, My original plan does not work. I have SunRay clients, which means I can 
not shutdown the global zone's NIC - because then the SunRay will stop 
function. I must somehow separate local zones traffic, from the global zone's 

So... the global zone's NIC is on but I never touch it, or surf from the global 
zone (unless I must upgrade/patch Solaris). I only surf from local zones. How 
do I setup this scenario? Now I am confused.

1) Global Zone NIC, I dont touch it
2) For each local zone, I create a vnic and assign the vnic to the global zone 

Now I am done? Does this suffice? Or should I create a "subnet" and create 
vnics in the subnet, and attach all local zones to those vnics - then I have 
separated global NIC and local zones? Any hints? Anybody? (If I get it to work, 
I will write down explicitly how I did this, to help others)
This message posted from opensolaris.org
zones-discuss mailing list

Reply via email to