On Fri, Oct 30, 2015 at 1:11 PM, David Gwynne <[email protected]> wrote: > >> On 30 Oct 2015, at 9:13 PM, Karel Gardas <[email protected]> wrote: >> >> This is nice! Am I right assuming zone exec is a short-cut for not >> need to implement Solaris' zlogin functionality? I'm not sure if I'm >> as ordinary global zone user on Solaris able to start process in >> another zone where I don't have login credentials. So that may be >> difference between your zone and Solaris IIRC. Otherwise your >> implementation is simple and elegant. Do you plan to continue on this >> with another term students? > > zone exec is a simple abstraction on top of the zone_enter syscall. zlogin on > solaris is a less simple abstraction on top of that syscall. > > an ordinary user in the global zone cannot call zone_enter (and zone exec by > extension), only root in the gz can. the same is true for zlogin in solaris. > also note that zlogin on solaris without any arguments doesnt require auth in > the target zone, it fakes a successful login as root.
Indeed, my mistake in reading your patch. Also I always use zlogin -C on Solaris so I completely overlooked this simplification. Thanks for clarification.
