System News
back1 2 3 4 5 6 7 8 9 10 11 next
Articles for the keywords: zones
23 May 2014 Overview of Solaris Zones Security Models [36519]
By Darren Moffat

Darren writes, "Over the years of explaining the security model of Solaris Zones and LDOMs to customers "security people" I've encountered two basic "schools of thought". The first is "shared kernel bad" the second is "shared kernel good".

Which camp is right ? Well both are, because there are advantages to both models.

If you have a shared kernel there the policy engine has more information about what is going on and can make more informed access and data flow decisions, however if an exploit should happen at the kernel level it has the potential to impact multiple (or all) guests.

If you have separate kernels then a kernel level exploit should only impact that single guest, except if it then results in a VM breakout..."
(Get More Information . .) open to premium members only

19 May 2014 How to Set Up a Hadoop 2.2 Cluster From the Unified Archive [36518]
By Orgad Kimchi

Orgad writes, "Learn how to combine an Apache Hadoop 2.2 (YARN) cluster using Oracle Solaris Zones, the ZFS file system, and the new Unified Archive capabilities of Oracle Solaris 11.2 to set up a Hadoop cluster on a single system.

Also see how to configure manual or automatic failover, and how to use the Unified Archive to create a 'cloud in a box' and deploy bare-metal system..."
(Get More Information . .) open to premium members only

05 May 2014 Solaris 11.2: Immutable Global Zone [36169]
Read-Only Root Non-Global Zones is marketed as Immutable Zones

Casper Dik writes, "This is blog is a bit more substantial; it requires some knowledge about Solaris Zones, Immutable Zones and Solaris administration in general. It is high-level; in future I'm hoping to get down to the nuts and bolts.

In Solaris 11 we added the Read-Only Root Non-Global Zones, marketed as Immutable Zones; this is a feature that makes a zone tamper-proof.

In an Immutable Zone is configured simply by setting the "file-mac-profile" to one of "strict" (not much writeable), "fixed-configuration" and "flexible-configuration" (configuration is writeable but binaries and such or not). This is all implemented in the kernel based on pathnames and depending on the context; the super-user in the global zone can still update the zone or even modify protected files as long as that is not done from within the zone..."
(Get More Information . .) open to premium members only

05 May 2014 Solaris 11.2: Immutable Global Zone [36169]
Read-Only Root Non-Global Zones is marketed as Immutable Zones

Casper Dik writes, "This is blog is a bit more substantial; it requires some knowledge about Solaris Zones, Immutable Zones and Solaris administration in general. It is high-level; in future I'm hoping to get down to the nuts and bolts.

In Solaris 11 we added the Read-Only Root Non-Global Zones, marketed as Immutable Zones; this is a feature that makes a zone tamper-proof.

In an Immutable Zone is configured simply by setting the "file-mac-profile" to one of "strict" (not much writeable), "fixed-configuration" and "flexible-configuration" (configuration is writeable but binaries and such or not). This is all implemented in the kernel based on pathnames and depending on the context; the super-user in the global zone can still update the zone or even modify protected files as long as that is not done from within the zone..."
(Get More Information . .) open to premium members only

05 May 2014 Solaris 11.2: Immutable Global Zone [36169]
Read-Only Root Non-Global Zones is marketed as Immutable Zones

Casper Dik writes, "This is blog is a bit more substantial; it requires some knowledge about Solaris Zones, Immutable Zones and Solaris administration in general. It is high-level; in future I'm hoping to get down to the nuts and bolts.

In Solaris 11 we added the Read-Only Root Non-Global Zones, marketed as Immutable Zones; this is a feature that makes a zone tamper-proof.

In an Immutable Zone is configured simply by setting the "file-mac-profile" to one of "strict" (not much writeable), "fixed-configuration" and "flexible-configuration" (configuration is writeable but binaries and such or not). This is all implemented in the kernel based on pathnames and depending on the context; the super-user in the global zone can still update the zone or even modify protected files as long as that is not done from within the zone..."
(Get More Information . .) open to premium members only

 
back1 2 3 4 5 6 7 8 9 10 11 next






News and Solutions for Users of Solaris, Java and Oracle's Sun hardware products
30,000+ Members – 30,000+ Articles Published since 1998

!-- end archive_section.tpl -->