A few things come to mind:
* Attaching a label to the zfs filesystem, so I can't mount the FS in
an unlabeled or differently-labeled zone if I don't want to.
(multiple labels for shared fs's would be cool, too.)
* Connecting the startup of the trusted zone (I'm still learning this
stuff, sorry if I'm completely off) to the mounting of the filesystem
-- I guess these two are similar, in enforcing access to the
restricted data to the restricted environment.  Perhaps requiring the
keys to the fs's as the zone boots.
* Straightforward setup to set them both up together.

On a portable or an easy-to-steal desktop, the trusted zones don't
help me much without an encrypted store for it.  Encrypted ZFS is
useful by itself, but trusted zones with a disk that can get stolen
need encryption.

Optimally, that mind-boggling 2-line setup procedure for my ZFS setup
would be the model for setting up both a zfs encrypted store & a
trusted zone atop it.
 
 
This message posted from opensolaris.org