[OpenAFS] OpenAFS and Solaris 10 Zones
Matthew Weigel
unique@idempot.net
Wed, 4 May 2005 17:41:36 -0500 (CDT)
Jeffrey Hutzelman said:
> Yes. OpenAFS is not aware of zones at all, so the PAG namespace ends up
> being global rather than per-zone. So not only can root from one zone
> steal a PAG from another, but PAG-less users in different zones but with
> the same uid will share tokens.
If I'm understanding you correctly, that would be a great big
"WARNING! DO NOT RUN OPENAFS ON A MULTI-ZONE SYSTEM (for now)"
kind of thing?
--
Matthew Weigel
hacker
unique@idempot.net