[OmniOS-discuss] LX for OmniOS update
Dan McDonald
danmcd at omniti.com
Sun Aug 14 17:27:56 UTC 2016
> On Aug 14, 2016, at 1:20 PM, Michael Rasmussen <mir at miras.org> wrote:
>
> On Sun, 14 Aug 2016 12:48:36 -0400
> Dan McDonald <danmcd at omniti.com> wrote:
>
>>
>> I see pros & cons of both approaches. I'm visiting OmniTI HQ in a week to, among other things, bounce ideas around with OmniTI folks - since they are also my customers. Feel free to speak up here if you have opinions as well.
>>
> I vote for a combination of both approaches for the following main
> reasons:
>
> Approach 1)
> - All network configuration can be done outside the zone giving the
> opportunity to hand out LX zones to users with a locked down network
> configuration.
That's naive. An admin on even a SmartOS zone can invoke:
/native/sbin/ifconfig <stuff>
and wreak havoc. :)
> - Admins can script everything and have total control of LX zones
Also, by "admins" you mean "global zone admins", right?
> Approach 2)
> - This way favors in-house or friendly environment usecases where
> distributed responsibility is desired.
> - Greater flexibility for LX zone users
I see where you're going. "Doing both" requires double the work, but you do make an interesting case for it.
Dan
More information about the OmniOS-discuss
mailing list