On Feb 14, 2007, at 12:47 PM, Jeff Victor wrote:

> Robert Gordon wrote:
>> So could we all agree that:
>> An NFS Server in a zone means that the namespace it exports is restricted
>> to that zone only. By that i mean no global zone access to that namespace,
>
> Unless I misunderstand you, we have no choice - the global zone's
> namespace is separate from a non-global zone's namespace. The only
> way to change that is to use a network-based directory service.
>
> This is a key design point of zones.

So let's say /export/z1 is the root of zone1, and it contains a directory that is called export. Zone1 exports its /export, which is in reality the global zone's /export/z1/export.

I'm asserting that the global zone will not be allowed to NFS export anything below /export/z1; I'd even go further and say that any user in the global zone would not have access to /export/z1.

(But then I am also an advocate that if there is something shared, Solaris should disallow local access to that share point (and below), period... :) )

Robert..

PS: should we move the discussion to just nfs-discuss (or zones-discuss) rather than continue to cross-post?