Octave Orgeron wrote:
> Hi Robert,
>
> Excellent point! I think this is a good example of why the same
> physical path can't be shared from a zone and the global zone at the
> same time. Perhaps excluding any zonepaths from being shared at the
> global zone is desirable if the nfs switch for that zone is turned on?

Do you think that such a switch should be per-zone or per-device/share?

> Octave
>
> --- Robert Gordon <Robert.Gordon at Sun.COM> wrote:
>
>> On Feb 14, 2007, at 3:17 PM, Edward Pilatowicz wrote:
>>
>> There may be a conflicting security requirement here. Let's say
>> I'm SA of the zone and I have exported /export/foo with krb5i
>> (since my foo really needs tight security :) ) to a limited
>> set of clients. Then along comes Mr Global SA and exports it
>> with auth_sys to any old nfs client..
>>
>> seems like that might be an issue ?
>>

--
--------------------------------------------------------------------------
Jeff VICTOR              Sun Microsystems            jeff.victor @ sun.com
OS Ambassador            Sr. Technical Specialist
Solaris 10 Zones FAQ:    http://www.opensolaris.org/os/community/zones/faq
--------------------------------------------------------------------------