Roland Mainz writes:
> Slightly offtopic: Aren't zones like diskless clients which can be
> patched on the diskless client server instead of booting the client for
> each patch ?

In concept, there are some similarities, but there are some significant differences. The main one is that when we're manipulating the contents of the zone, we have to treat the entire contents of the zone -- including the packaging and patch scripts -- as "untrusted." A malicious zone administrator could modify those scripts and when the global zone administrator goes to remove a package or a patch, he ends up with scripts running in the global zone that were hacked by the non-global zone user.

Because of this, we have to enter each zone when we're manipulating patches and packages. We don't have to _boot_ the zone, but we do have to enter it in the same way that a boot sequence would. This is what the "scratch zone" is all about.

--
James Carlson, KISS Network <james.d.carlson at sun.com>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
