Tom Haynes wrote: > > What about the case where the customer wants to administer the zone they > purchased > and they do not want the global zone admins to have local access to > their data?
That would violate basics of the zones model. The global zone admin has complete access to all devices attached to the system. How would you prevent the GZ admin from halting the zone, manually mounting the non-global zone's disk partitions into the global zone, and accessing the data? Preventing the global zone from accessing certain hardware components would "open a very large can of worms." -------------------------------------------------------------------------- Jeff VICTOR Sun Microsystems jeff.victor @ sun.com OS Ambassador Sr. Technical Specialist Solaris 10 Zones FAQ: http://www.opensolaris.org/os/community/zones/faq --------------------------------------------------------------------------
