[crossbow-discuss] Re: Snooping on non-global network interfaces from global zone
Jeff Victor
Jeff.Victor at Sun.COM
Thu Feb 22 05:54:33 PST 2007
Xu wrote:
>
> And when NOT using IP instances - is such snooping (from
> one non-global zone to a different non-global zone) available? (did not
> test it yet) Is there something with privileges of zone that stops him from
> doing so?
Hello Xu,
If a zone does *not* use IP instances, by default the zone cannot use snoop.
However, the global zone administrator can choose to allow a zone to snoop a
NIC to which it has been given access. This is done by adding the privilege
net_rawaccess to that zone and adding the network device to the zone. The
zone will see *all* packets on that interface, including other zones which are
also using that interface.
See my blog entry which explains this:
http://blogs.sun.com/JeffV/date/20061030
--------------------------------------------------------------------------
Jeff VICTOR Sun Microsystems jeff.victor @ sun.com
OS Ambassador Sr. Technical Specialist
Solaris 10 Zones FAQ: http://www.opensolaris.org/os/community/zones/faq
--------------------------------------------------------------------------
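An audit sketch for the exposure described in the reply above, added here as an example and not taken from the post or from Solaris itself: it reads text in the style of `zonecfg -z <zone> export` and reports each zone that has both `net_rawaccess` in `limitpriv` and a NIC device node, together with the other zones using that NIC. The zone names, addresses, `bge0`/`bge1` NICs and the exact-path device match are constructed assumptions.

```python
# Constructed samples in the style of `zonecfg -z <zone> export` output.
EXPORTS = {
    "web": "create -b\nset zonepath=/zones/web\n"
           "set limitpriv=default,net_rawaccess\n"
           "add net\nset address=192.168.1.10\nset physical=bge0\nend\n"
           "add device\nset match=/dev/bge0\nend\n",
    "db": "create -b\nset zonepath=/zones/db\n"
          "add net\nset address=192.168.1.11\nset physical=bge0\nend\n",
    "mail": "create -b\nset zonepath=/zones/mail\n"
            "set limitpriv=default,net_rawaccess\n"
            "add net\nset address=10.0.0.5\nset physical=bge1\nend\n",
}

def parse(export):
    """Return (limitpriv set, NICs in net resources, NICs added as devices)."""
    privs, nets, devs, resource = set(), set(), set(), None
    for line in export.splitlines():
        words = line.split(None, 1)
        if not words:
            continue
        if words[0] == "add" and len(words) == 2:
            resource = words[1].strip()          # entering a resource block
        elif words[0] == "end":
            resource = None                      # back to global scope
        elif words[0] == "set" and len(words) == 2:
            key, _, val = words[1].partition("=")
            val = val.strip().strip('"')
            if resource is None and key == "limitpriv":
                privs = set(val.split(","))
            elif resource == "net" and key == "physical":
                nets.add(val)
            elif resource == "device" and key == "match":
                # Assumption: match is an exact /dev/<nic> path, not a glob.
                devs.add(val.rsplit("/", 1)[-1])
    return privs, nets, devs

def snoop_exposure(exports):
    """Map (zone, nic) able to snoop -> other zones whose traffic it sees."""
    cfg = {zone: parse(text) for zone, text in exports.items()}
    exposed = {}
    for zone, (privs, _, devs) in cfg.items():
        if "net_rawaccess" not in privs:
            continue                             # default: zone cannot snoop
        for nic in sorted(devs):
            others = sorted(o for o, (_, nets, _) in cfg.items()
                            if o != zone and nic in nets)
            if others:
                exposed[(zone, nic)] = others
    return exposed
```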