On Oct 11, 2012, at 9:36 AM, Alexander Eremin <[email protected]>
wrote:
> Devfsadm must run a bunch of "mknod", "create", "delete", "symlink" and
> other operations in the zone, and there is also a problem with some unsafe
> devices like /dev/kmem. All of this contradicts common zone design and its
> security principles.
Exactly right. In particular, mknod can be evil.
That said, the reason that distro construct needs to run is so that it can
update some files in /etc. (/etc/minor_perm, /etc/name_to_major in particular.
There may be others -- I'm thinking of /etc/devlink.tab as a possible
candidate for example, but I'm *pretty* sure that devfsadm doesn't touch that
file.)
It may be simpler to just add the logic to distro constructor to update those
files without using devfsadm at all. The logic for provisioning a new minor
number, and updating the minor_perm is pretty darn trivial, and could probably
be done with just a modest amount of shell scripting.
- Garrett
>
> Alexander
>
> On Oct 11, 2012, at 8:03 PM, Gabriele Bulfon <[email protected]> wrote:
>
>> Hi,
>>
>> I was trying to find a way to run "devfsadm -r /other/root" under a zone
>> (used by distro_const to prepare the root for the cd image).
>> Looking at the illumos source of devfsadm.c I find exactly this at the
>> beginning of main:
>>
>> if (getzoneid() != GLOBAL_ZONEID) {
>>         err_print(MUST_BE_GLOBAL_ZONE);
>>         devfsadm_exit(1);
>> }
>>
>>
>> As far as I understand, the "-r" will build the dev structure under another
>> root, harming neither the global zone nor the zone, so I can't see a reason
>> why the "-r" call shouldn't run under a zone.
>> Am I wrong?
>>
>> If I'm wrong, what may be another way to accomplish the devfsadm -r xxx
>> under a zone?
>>
>> In case I'm right, I would like to modify devfsadm.c to let it go through if
>> "-r xxx" is in args...
>>
>> Gabriele.
>
-------------------------------------------
illumos-discuss
Archives: https://www.listbox.com/member/archive/182180/=now
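
The approach suggested in the reply above, updating /etc/name_to_major and /etc/minor_perm under an alternate root with plain shell and no devfsadm or mknod, as an added example (not code from this thread or from illumos). The function names, the lowest-free-major policy and the one-entry-per-line formats ("driver major" and "driver:minor mode owner group") are assumptions.

```shell
#!/bin/sh
# Added example: edit only the text tables under an alternate root.
# No device nodes are created, so nothing like /dev/kmem is ever touched.

# next_major FILE: print the lowest major number not yet used in FILE.
# (Assumed policy for this example.)
next_major() {
    awk '!/^#/ && NF >= 2 { used[$2] = 1 }
         END { n = 0; while (n in used) n++; print n }' "$1"
}

# has_key FILE KEY: succeed if some line of FILE has KEY as its first field.
has_key() {
    awk -v k="$2" '$1 == k { found = 1 } END { exit !found }' "$1"
}

# register_driver ROOT DRIVER MINOR MODE OWNER GROUP
register_driver() {
    root=$1 drv=$2 minor=$3 mode=$4 owner=$5 group=$6
    n2m="$root/etc/name_to_major"
    perm="$root/etc/minor_perm"

    # Never edit the live system's tables, only an image root.
    case "$root" in ""|/) echo "refusing to edit live root" >&2; return 2 ;; esac

    # Reject empty fields and anything that could inject whitespace or newlines.
    for f in "$drv" "$minor" "$owner" "$group"; do
        case "$f" in ""|*[!A-Za-z0-9_,.*-]*) return 2 ;; esac
    done
    case "$mode" in [0-7][0-7][0-7][0-7]) ;; *) return 2 ;; esac

    # Both tables must be regular files; a symlink planted in the image
    # could redirect the write outside the alternate root.
    [ -f "$n2m" ] && [ -f "$perm" ] || return 2
    if [ -L "$n2m" ] || [ -L "$perm" ]; then return 2; fi

    # Allocate a major number only if the driver is not registered yet.
    if ! has_key "$n2m" "$drv"; then
        printf '%s %s\n' "$drv" "$(next_major "$n2m")" >> "$n2m"
    fi
    # Add the permission entry only if this driver:minor pair is new.
    if ! has_key "$perm" "$drv:$minor"; then
        printf '%s:%s %s %s %s\n' "$drv" "$minor" "$mode" "$owner" "$group" >> "$perm"
    fi
}
# Usage (constructed values): register_driver /other/root mydrv '*' 0600 root sys
```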