Solaris 10 zones (was Re: I have a security-sensitive customer...)

David Collier-Brown David.Collier-Brown at Sun.COM
Thu May 19 18:47:17 GMT 2005


  I spoke to one of my Smarter Colleagues[tm], and Samba runs happily
in a Solaris 10 zone, and in a very unscientific test with
a locally mounted filesystem (not a network one!) is faster than
it was on Solaris 9. 

  My personal machines have mostly nfs-mounted filesystems underneath
Samba, so they're not a good test site (;-))

--dave



David Collier-Brown wrote:
> Righto, zones and TS default policies are less dramatic (:-))
> 
> --dave
> 
> Andrew Bartlett wrote:
> 
>> On Thu, 2005-05-19 at 10:46 -0400, David Collier-Brown wrote:
>>
>>>  How so? It can do anything root can, it just can't do it to some 
>>> process in some other zone or on a filesystem or network connected 
>>> only to another zone.   Did you hit a restriction Sun didn't notice?  
>>> If so I should open a bug for it.
>>
>> I'm speaking only from the SELinux discussion that was had on this list,
>> where people wanted to try and define restrictive policies for Samba,
>> and some crazy ideas were proposed as regards how to transition between
>> the different zones (one per user). 
>> The point is that any zone with 'make me root again' as a privilege, is
>> a pretty special zone.
>>
>> Andrew Bartlett
>>
> 

-- 
David Collier-Brown,      | Always do right. This will gratify
Sun Microsystems, Toronto | some people and astonish the rest
davecb at canada.sun.com     |                      -- Mark Twain
(416) 263-5733 (x65733)   |


More information about the samba-technical mailing list