[OmniOS-discuss] Ang: LX Zones question: Do you miss ipadm(1M)?
Bob Friesenhahn
bfriesen at simple.dallas.tx.us
Fri Mar 31 13:32:51 UTC 2017
On Thu, 30 Mar 2017, Joshua M. Clulow wrote:
> On 30 March 2017 at 14:46, Bob Friesenhahn <bfriesen at simple.dallas.tx.us> wrote:
>> Something I see is that with normal Solaris zones, one can provide root
>> access to a relatively untrusted third-party since everything important can
>> be locked-down. This approach should currently not be used with LX Zones.
>
> Why is that? There shouldn't be any difference between a native zone
> and an LX zone with respect to untrusted workloads. The containment
> model is the same in both cases.
I made an over-statement. The threat level to the global zone and
network is similar. What is not similar is that well known Linux
system admistration methods may cause the Linux install to stop
working. Merely installing a package which uses network interfaces
might cause harm to the Linux installation.
Bob
--
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
More information about the OmniOS-discuss
mailing list