The following command sequence enables the Container to access the network
attached to NIC bge1:
GZ# zonecfg -z timelord
zonecfg:timelord> add net
zonecfg:timelord:net> set physical=bge1
zonecfg:timelord:net> set address=192.168.0.1
zonecfg:timelord:net> end
zonecfg:timelord> exit
This is a good time to configure IP filter rules for this Container from the global
zone. With those rules, you can prevent inbound network access to network ports
not used by NTP. You can also prevent outbound network access to systems other
than NTP servers if you choose specific NTP servers. Configuring Solaris IP filter
rules is outside the scope of this document.
With network access in place, you can discover the list of privileges necessary to
run the NTP client. First, boot the Container:
GZ# zoneadm -z timelord boot
Wait for the Container to finish booting. Then, in one window, run the privdebug
script in the global zone:
GZ# ./privdebug.pl -z timelord
In another window, run the NTP client in the Container:
GZ# zlogin timelord
timelord# ntpdate -u 0.pool.ntp.org 1.pool.ntp.org
16 May 13:12:27 ntpdate[24560]: Can't adjust the time of day: Not owner
The privdebug script displays the following output:
STAT PRIV
USED proc_fork
USED proc_exec
USED proc_fork
USED proc_exec
NEED proc_priocntl
NEED sys_time
^C
GZ#
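
An added example, not part of the original text: a small shell helper that reduces privdebug output like the listing above to the distinct privileges the Container lacks, and formats them for zonecfg's limitpriv property so that only those privileges are added to the default set. The function names and the two-column "STAT PRIV" input format are assumptions; the sample input is the listing above.

```shell
#!/bin/sh
# Added example: summarize privdebug output into the privileges the zone lacks.
# Assumes the two-column "STAT PRIV" format shown in the listing above.

# needed_privs: read privdebug output on stdin and print the distinct NEED
# privileges as a sorted, comma-separated list. The name check drops the
# header, the ^C line, and anything that is not a plain privilege name.
needed_privs() {
    awk '$1 == "NEED" && $2 ~ /^[a-z_]+$/ { print $2 }' | sort -u | paste -s -d, -
}

# used_privs: same, for privileges the process used and already held.
used_privs() {
    awk '$1 == "USED" && $2 ~ /^[a-z_]+$/ { print $2 }' | sort -u | paste -s -d, -
}

# Constructed sample: the privdebug output captured in the text above.
sample_output() {
    cat <<'EOF'
STAT PRIV
USED proc_fork
USED proc_exec
USED proc_fork
USED proc_exec
NEED proc_priocntl
NEED sys_time
^C
EOF
}

# limitpriv_line: build the zonecfg setting that adds only the missing
# privileges to the zone's default set; prints nothing if none are missing.
limitpriv_line() {
    need=$(needed_privs)
    [ -n "$need" ] && printf 'set limitpriv=default,%s\n' "$need"
    return 0
}

echo "used:   $(sample_output | used_privs)"
echo "needed: $(sample_output | needed_privs)"
sample_output | limitpriv_line
```

Review the resulting list before applying it: each privilege added to a Container widens what a compromised process inside it can do.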
 