In the AF_UNIX family of interfaces, only one server bind can be established to a single special file, which is a UNIX® domain socket. The AF_UNIX family does not support multilevel ports.
Like UNIX domain sockets, doors and named pipes use special files for rendezvous purposes.
The default policy for all Trusted Extensions IPC mechanisms is that they are all constrained to work within a single labeled zone. The following are exceptions to this policy:
The global zone administrator can make a named pipe (FIFO) available to a zone whose label dominates the owning zone. The administrator does this by loopback-mounting the directory that contains the FIFO.
A process that runs in the higher-level zone is permitted to open the FIFO in read-only mode. A process is not permitted to use the FIFO to write down.
A labeled zone can access global zone door servers if the global zone rendezvous file is loopback-mounted into the labeled zone.
The Trusted Extensions software depends on the door policy to support the labeld and nscd doors-based services. The default zonecfg template specifies that the /var/tsol/doors directory in the global zone is loopback-mounted into each labeled zone.
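A reader in the dominating zone can open the loopback-mounted FIFO described in the first exception as sketched below. This is an added example, not code from the Trusted Extensions documentation. The helper names open_fifo_readonly and fail, and the path given on the command line, are hypothetical. The read-only restriction across labels is enforced by the system; the code only avoids requesting write access and confirms that the object it opened is a FIFO.

```c
#define _POSIX_C_SOURCE 200809L /* O_NOFOLLOW, fstat(), S_ISFIFO */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

static int fail(int fd, int err) { close(fd); errno = err; return -1; }

/* Hypothetical helper: open the FIFO at path for reading only.
 * Returns a descriptor, or -1 with errno set. */
int open_fifo_readonly(const char *path)
{
    struct stat st;
    int flags, rc;
    /* O_NONBLOCK: return even if no writer has the FIFO open yet.
     * O_NOFOLLOW: refuse a symbolic link at the rendezvous path. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* Check the opened object, not the name, so the test cannot be raced. */
    rc = fstat(fd, &st);
    if (rc < 0 || !S_ISFIFO(st.st_mode))
        return fail(fd, rc < 0 ? errno : EINVAL);
    /* Switch to blocking reads now that the open has succeeded. */
    flags = fcntl(fd, F_GETFL);
    if (flags < 0 || fcntl(fd, F_SETFL, flags & ~O_NONBLOCK) < 0)
        return fail(fd, errno);
    return fd;
}

int main(int argc, char **argv)
{
    char buf[512];
    ssize_t n;
    int fd;
    if (argc != 2) {
        fprintf(stderr, "usage: %s FIFO_PATH\n", argv[0]);
        return 2;
    }
    if ((fd = open_fifo_readonly(argv[1])) < 0) {
        perror(argv[1]);
        return 1;
    }
    /* read() returns 0 if no writer is connected or the last one closed. */
    while ((n = read(fd, buf, sizeof buf)) > 0)
        fwrite(buf, 1, (size_t)n, stdout);
    close(fd);
    return n < 0;
}
```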