10 октября 2015 г. 10:50:36 CEST, Michael Mounteney <gat...@landcroft.co.uk> пишет: >On Sat, 10 Oct 2015 07:33:29 +0200 >Jim Klimov <jimkli...@cos.ru> wrote: > >> With the alias interfaces in play - do you use a shared-ip zone? That >> may be the limit; try switching to exclusive-ip with dedicated >> vnic(s). > >That would explain why my setup notes (this is a fresh installation) >have DHCP in its own zone and all other services (IMAP, version control >repositories, TFTP, rsync server etc.) in another. > >It's not the answer for which I was hoping. It would be neater to have >all services together in one zone and not have to run a second zone, >just for one service. Is there another way? Anything else I can try? > >> Also see if any zone or process rbac privileges seem suitable >> additions to the service (especially if it works from shell and fails >> from SMF even as root): things like promiscuity or not-owned file >> access are dropped by default. > >It's the same both from the command line and via a service. > >Thanks for your reply. > >______________ >Michael Mounteney
You can try creating a vnic and delegating it to a zone (via device match rules). Hopefully then you'd get an owned device in the zone, but still not an owned stack where you can go promiscuous, change routes, etc. It may still be the limit... Maybe you can't even set an ip address on the delegated vnic from inside the zone. Hopefully someone better experienced with isc dhcpd canoffer better ideas. Jim -- Typos courtesy of K-9 Mail on my Samsung Android _______________________________________________ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com http://lists.omniti.com/mailman/listinfo/omnios-discuss
