[OmniOS-discuss] Last OmniOS bloody update for 2014 (long, please read)
Dan McDonald
danmcd at omniti.com
Fri Dec 19 03:20:31 UTC 2014
> On Dec 18, 2014, at 10:05 PM, Paul B. Henson <henson at acm.org> wrote:
>
>> From: Dan McDonald
>> Sent: Thursday, December 18, 2014 11:12 AM
>>
>> - Underlying infrastructure for global-zone rulesets for zones using
> ipfilter.
>
> Hmm, what exactly is this? Right now my zones are using exclusive stacks and
> just running ipfilter in the zone...
This came from Joyent. Imagine if you, the GZ admin, want to further clamp down a zone you're renting or just transferring root for. That's what this feature does.
It doesn't have set-at-boot time properties, because that needs to be added to your zone's brand code. Brand code is still outside illumos-gate for illumos distros, including OmniOS.
Dan
More information about the OmniOS-discuss
mailing list