[OpenIndiana-discuss] NTP not starting in Zones
Brian Wilson
bw at reclo.com
Mon Sep 17 17:24:36 UTC 2018
On Thu, Sep 13, 2018 at 1:08 PM Jonathan Adams <t12nslookup at gmail.com> wrote:
> Strange, I prefer to run all my daemons in a zone as it keeps them separate
> from the core operating system, and reduces the access to resources.
>
> It's easy for a global zone to access the resources of the child; it's hard
> for the child to access the global zone.
>
>

Unless you give the child zone the privileges it needs to do so - like
sys_time. Though I don't know that that one's a big deal.

I would take the opposite approach - lock down logins to the global zone
and run privileged 'global' services like NTP, monitoring, backups and/or
NFS there, and then keep the child/local zones as thin as possible so that
the processes running in the zone that faced the Internet were minimal.

> On Thu, 13 Sep 2018 at 18:22, Bob Friesenhahn <bfriesen at simple.dallas.tx.us> wrote:
>
> > On Thu, 13 Sep 2018, Alexander Pyhalov via openindiana-discuss wrote:
> >
> > > Hello.
> > > What is the point of running ntp in a zone?
> > > NTP running in the GZ will take care of system time.
> >
> > The main reason is usually security. Running network daemons inside
> > of zones helps avoid problems if there is a security issue with the
> > daemon.
> >
> > I run named and ntp in the global zone since I worry that the host
> > could have some dependencies on these protocols which impact clean
> > booting.
> >
> > Bob
> > --
> > Bob Friesenhahn
> > bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
> > GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
> >
> > _______________________________________________
> > openindiana-discuss mailing list
> > openindiana-discuss at openindiana.org
> > https://openindiana.org/mailman/listinfo/openindiana-discuss
> >