Devfsadm must run in zone bunch of "mknod", "create", "delete", "symlink" and other operations, and here also problem with some unsafe devices like /dev/kmem. All this is contradict to common zone design and it's security principles.
Alexander On Oct 11, 2012, at 8:03 PM, Gabriele Bulfon <[email protected]> wrote: > Hi, > > I was trying to find a way to run "devfsadm -r /other/root" under a zone > (used by distro_const > to prepare the root for the cd image). > Looking at the illumos source of devfsadm.c I find exactly this at the > beginning of main: > > if (getzoneid() != GLOBAL_ZONEID) { > err_print(MUST_BE_GLOBAL_ZONE); > devfsadm_exit(1); > } > > > As far as I understand, the "-r" will build the dev structure under another > root, not harming for > the global zone nor for the zone, so I can't see a reason why the "-r" call > shouldn't run under a zone. > Am I wrong? > > If I'm wrong, what may be another way to accomplish the devfsadm -r xxx under > a zone? > > In case I'm right, I would like to modify devfsadm.c to let it go through if > "-r xxx" is in args... > > Gabriele. > illumos-discuss | Archives | Modify Your Subscription ------------------------------------------- illumos-discuss Archives: https://www.listbox.com/member/archive/182180/=now RSS Feed: https://www.listbox.com/member/archive/rss/182180/21175430-2e6923be Modify Your Subscription: https://www.listbox.com/member/?member_id=21175430&id_secret=21175430-6a77cda4 Powered by Listbox: http://www.listbox.com
