Configurable Hostids for Non-Global Zones [PSARC/2008/647 FastTrack timeout 10/30/2008]
James Carlson
james.d.carlson at sun.com
Thu Oct 23 08:09:51 PDT 2008
Darren J Moffat writes:
> Then I find the inconsistency disturbing and it is making me want to
> pull the derail lever.
>
> Why is it acceptable to have a zone's hostid in the clear in the global
> zone /etc/zone/<zonename>.xml for SPARC and x86 file yet it isn't
> acceptable to have the hostid in the clear in /etc/hostid for x86 - even
> when the source code for the silly obfuscation is open source.
I think a key distinction would be that non-global zones cannot read
or write anything in the global zone's /etc/zone/ directory, but they
can read and write their own /etc/hostid file just fine.

Putting the data outside of the zone itself adds a measure of
intentional security, which (given all the trivial ways one can
circumvent hostid even without this project) is all that the hostid
users have asked for.
--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677