Ric Aleshire wrote:
> Yes - currently in the kernel socket I/O code, there is a check that the
> AF_UNIX socket endpoint is in the same
> zone as the server peer. The proposal for a) above means that this
> check will be modified, so that when TX is
> enabled and the socket zone and server zone do not match, then the
> server must be in the global zone.
Which raises the interesting question of whether that check should really
be for TX, or if this should be something that can be set on for any machine
with Zones, and which TX just happens to always set. It would seem things
like running X clients in Etude or BrandZ zones could also benefit from this.
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
