Description
Labeled zones in Trusted Extensions require a TCP connection to the global zone's X11 server and for Sun Ray services. In configurations where an LDAP proxy server is running in the global zone, it must be available to labeled zone clients. Today, there are various cumbersome procedures, such as creating a virtual networking interface (vni) and configuring it as an all-zones interface. However, this use of vni is non-standard for Solaris, and is supported neither by Solaris installation nor by Network Automagic (nwam). The manual steps to configure the use of vni require editing the hosts file by hand, modifying the localhost entry, and assigning a new IP address to the nodename. When users fail to get this right, the system cannot be used, and even logging in on the console fails, since PAM is unable to create a valid audit record.
A much simpler and more compatible approach is to automatically configure the loopback interface as an all-zones interface. Instead of creating a logical instance of lo0 in each zone, a single all-zones instance provides the required connectivity to multilevel services running in the global zone.
This fix is most useful in fresh installs. Adding the fix to existing systems that already have an all-zones interface has no significant effect, unless it is desired to reconfigure the system to take advantage of this change.
If it is desired to have no MLPs on the system, use tnzonecfg to turn off MLPs.