On Thu, Feb 19, 2009 at 9:54 AM, Timothy Kennedy <timothy.kenn...@sun.com> wrote: > > > Nicolas Dorfsman wrote: >> >> It would be a great idea to have a easy solution to give these privileges >> to a zone. > > in zonecfg for a given zone, > set limitpriv=default,proc_lock_memory,proc_priocntl,sys_time > > David Comay has an interesting blog post on this that can be found > here: http://blogs.sun.com/comay/entry/privilege_set_me_free > that explains the reasons for permissions additional to sys_time.
Here's another one: http://blogs.sun.com/JeffV/entry/shrink_wrap_security1 . You'd think I would have updated the FAQ by now... :-( I just updated it, but changed it to "NTP client". I don't know NTP well enough to know if a zone can be an NTP *server*. If anyone knows Sun's position on this, I will add it to the FAQ. -- --JeffV _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org