>The integrated CIFS server project made running a server >on port 445 (which CIFS uses) a privileged operation - the >process needs to have PRIV_SYS_SMB (see privileges(5)). >Samba knows how to operate with this privilege, but the >privilege is not in the default set that is considered >safe in a zone. You can adjust the zone config to get >this to work - here's an example:
Unfortunately, that change was made incompatibly. Whenever you change the privilege needed for a particular operation, you generally should check for the old privilege also. PRIV_SYS_SMB is also used to allow starting the in-kernel CIFS server but the kernel should allow processes with PRIV_NET_PRIVADDR to bind to the CIFS ports. The code says: /* * NBT and SMB ports, these are extra privileged ports, * allow bind only if the SYS_SMB privilege is present. */ but clearly the NBT and SMB ports are NOT extra privileged ports as they're all < 1024. Casper _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org