[OpenAFS] OpenAFS and Solaris 10 Zones

Matthew Weigel unique@idempot.net
Wed, 4 May 2005 17:41:36 -0500 (CDT)


Jeffrey Hutzelman said:

> Yes.  OpenAFS is not aware of zones at all, so the PAG namespace ends up
> being global rather than per-zone.  So not only can root from one zone
> steal a PAG from another, but PAG-less users in different zones but with
> the same uid will share tokens.

If I'm understanding you correctly, that would be a great big

        "WARNING! DO NOT RUN OPENAFS ON A MULTI-ZONE SYSTEM (for now)"

kind of thing?
-- 
 Matthew Weigel
 hacker
 unique@idempot.net