Darren J Moffat writes: > Then I find the inconsistency distrubing and it is making me want to > pull the derail lever. > > Why is it acceptable to have a zone's hostid in the clear in the global > zone /etc/zone/<zonename>.xml for SPARC and x86 file yet it isn't > acceptable to have the hostid in the clear in /etc/hostid for x86 - even > when the source code for the silly obfuscation is open source.
I think a key distinction would be that non-global zones cannot read or write anything in the global zone's /etc/zone/ directory, but they can read and write their own /etc/hostid file just fine. Putting the data outside of the zone itself adds a measure of intentional security, which (given all the trivial ways one can circumvent hostid even without this project) is all that the hostid users have asked for. -- James Carlson, Solaris Networking <james.d.carlson at sun.com> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
