Darren J Moffat wrote: > Sarah Jelinek wrote: > >>> - Reduce or eliminate need to rely on root privileges and >>> root-owned artifacts, thereby meeting higher security >>> and responsibility partitioning standards. >>> >> We have this today with zones. See below.... > > With the HUGE overhead of requiring a new IP address. Zones are great > but they don't solve the same problem. I've been beaten around the > head by several project teams during WSARC reviews for suggesting > this, and I get the difference now! Gladly the same project teams > also get Zones and understand when they are useful too. That was why I suggested it might be too heavyweight. zones will solve many of the issues James is trying to solve with non-root pkg installs. My questions were really about have you looked at zones, and/or RM projects as a potential solution in this space. Valid questions. > >> zones are nice because you wouldn't have to modify pkgs at all, and you > > Hah! Zones more than any other project has caused the most packaging > changes as a result of new required things in packages for the correct > things to happen in some cases. The changes to pkging because of zones doesn't have anything to do with root or non-root privs for installing pkgs. I was implying that the mechanism to install, that is root within a zone, is achievable without any additional changes to the pkging infrastructure.
sarah
