Oracle Solaris Trusted Extensions Configuration Guide

Procedure: Resolve Local Zone to Global Zone Routing in Trusted CDE

For every labeled zone to access Trusted CDE, the DISPLAY variable must resolve in that zone. In Trusted CDE, the variable resolves only when the nodename of the labeled zone, the nodename of the global zone, and the nodename of an all-zones interface all resolve to the same name.

Before You Begin

You are using Trusted CDE and are manually initializing a labeled zone.

  1. Enable Trusted CDE to display at the label of a zone by using one of the following methods.

    • Method 1: Enable X server traffic with other systems.

      In this configuration, the labeled zones can reach other systems through the X server in the global zone.

      1. Ensure that the /etc/nodename file specifies the name of the system.

        ## /etc/nodename
        machine1

      2. Ensure that the /etc/hosts file specifies the name of the system.

        ## /etc/hosts
        192.168.2.3  machine1 loghost

        For ToolTalk™ services to work, the name of the system must be on the same line as loghost.

      3. Ensure that the /etc/hostname.interface file specifies the name of the system.

        In this configuration, machine1 is the all-zones interface for Trusted CDE.

        ## /etc/hostname.bge0
        machine1 all-zones

    • Method 2: Limit X server traffic to the local system.

      In this configuration, the labeled zones can communicate with the X server on the local system. However, no route exists from the local X server to other systems on the network; any route to other systems must use another interface.

      1. Ensure that the /etc/nodename file specifies the name of the system.

        ## /etc/nodename
        machine1

      2. Ensure that the /etc/hosts file specifies the name of the system.

        Starting with the Solaris 10 10/08 release, lo0 is an all-zones interface. In this case, the file appears similar to the following:

        ## /etc/hosts
        127.0.0.1  localhost  machine1 loghost

        You can also use the vni0 interface.

        For ToolTalk services to work, the name of the system must be on the same line as loghost.

    • Method 3: Resolve the DISPLAY variable in another way, such as routable addresses on per-zone logical interfaces.

      For that procedure, see Adding Network Interfaces and Routing to Labeled Zones.

  2. To boot the zone, return to Step 3 in Install, Initialize, and Boot a Labeled Zone by Using CDE Actions.
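The following POSIX shell script is an added consistency check for the files that Method 1 and Method 2 rely on; it is not part of the Oracle Solaris Trusted Extensions guide. It verifies what the procedure asks for by hand: that /etc/nodename holds one name, that /etc/hosts carries that name on the same line as loghost (the ToolTalk requirement), and, for Method 1, that /etc/hostname.interface assigns that name with the all-zones flag. The script takes a root directory as a parameter so it can be run against constructed copies of the files (as the sample at the bottom does) or against / on a live system; the function names, the `make_sample` helper, and the sample file contents are assumptions made for this example. For Method 2, where lo0 is the all-zones interface, the interface argument is simply omitted.

```shell
#!/bin/sh
# Added example, not from the Solaris guide: checks that the nodename, hosts
# and hostname.<iface> files agree on one all-zones host name.

# check_cde_names ROOT [IFACE]
# Returns 0 if ROOT/etc/nodename holds one name, ROOT/etc/hosts has a line
# with that name and loghost together, and (when IFACE is given)
# ROOT/etc/hostname.IFACE reads "<name> all-zones". Otherwise prints the
# first mismatch and returns 1.
check_cde_names() {
    root=$1
    iface=$2
    node=$(sed -n '1p' "$root/etc/nodename" | tr -d '[:space:]')
    [ -n "$node" ] || { echo "nodename: empty"; return 1; }

    # Drop comments, then require a line where the nodename and loghost are
    # both present as whole words after the address field.
    if ! sed 's/#.*//' "$root/etc/hosts" | awk -v n="$node" '
        { ok_n = 0; ok_l = 0
          for (i = 2; i <= NF; i++) { if ($i == n) ok_n = 1; if ($i == "loghost") ok_l = 1 }
          if (ok_n && ok_l) found = 1 }
        END { exit found ? 0 : 1 }'; then
        echo "hosts: no line carries both $node and loghost"; return 1
    fi

    # Method 2 (lo0 all-zones) has no hostname.<iface> file to check.
    [ -n "$iface" ] || return 0
    f="$root/etc/hostname.$iface"
    [ -f "$f" ] || { echo "hostname.$iface: missing"; return 1; }
    if ! awk -v n="$node" '$1 == n && $2 == "all-zones" { found = 1 }
        END { exit found ? 0 : 1 }' "$f"; then
        echo "hostname.$iface: expected \"$node all-zones\""; return 1
    fi
    return 0
}

# make_sample DIR GOOD: writes constructed copies of the three files under DIR.
# GOOD=1 gives a consistent Method 1 layout; GOOD=0 puts loghost on a line
# without the nodename, the mismatch the ToolTalk note warns about.
make_sample() {
    dir=$1
    mkdir -p "$dir/etc"
    printf 'machine1\n' > "$dir/etc/nodename"
    if [ "$2" = 1 ]; then
        printf '## /etc/hosts\n127.0.0.1 localhost\n192.168.2.3 machine1 loghost\n' > "$dir/etc/hosts"
    else
        printf '## /etc/hosts\n127.0.0.1 localhost loghost\n192.168.2.3 machine1\n' > "$dir/etc/hosts"
    fi
    printf 'machine1 all-zones\n' > "$dir/etc/hostname.bge0"
}

# Usage: build both samples in a temporary directory and report on each.
tmp=$(mktemp -d)
make_sample "$tmp/good" 1
make_sample "$tmp/bad" 0
check_cde_names "$tmp/good" bge0 && echo "good: consistent"
check_cde_names "$tmp/bad" bge0 || echo "bad: inconsistent, as expected"
rm -rf "$tmp"
```

On a live system the equivalent call is `check_cde_names / bge0` for Method 1 or `check_cde_names /` for Method 2; a non-zero return names the first file that breaks the DISPLAY resolution the procedure depends on.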