On Wed, May 25, 2011 at 03:31:56PM -0400, James Carlson wrote:
> Jens Elkner wrote:
> > Well, actually we have "jumpstart" scripts for ~ 70 types of service
> > zones which all use pkgadd -R /rpool/zones/$zname/root -d
> > /net/$bla/install ... to supply the SW the zones need and to mangle the
> > configs etc., so that when the zones come up we _know_ they are working
> > as expected and can be used immediately. Never had any problems with
> > that approach and wish to have the same functionality wrt. IPS!
>
> Understandable desire, but I don't think using -R that way was
> supported. pkgadd(1M) says this:
>
>     Note - The root file system of any non-global zones must not be
>     referenced with the -R option. Doing so might damage the global
>     zone's file system, might compromise the security of the global
>     zone, and might damage the non-global zone's file system.
>     See zones(5).
>
> That's from a Solaris 10 11/06 system (S10u3), and the same note is
> still there on OpenSolaris.

Yes and might be the case for running zones or malicious packages. But
actually it is what LU does all the time ;-) Anyway, the scripts get
tested on test machines, to minimize the risk that something strange
happens in production...

I guess the author didn't further comment this note to avoid another
whitepaper and leave a door open, to throw back the ball ;-)

Regards,
jel.
--
Otto-von-Guericke University     http://www.cs.uni-magdeburg.de/
Department of Computer Science   Geb. 29 R 027, Universitaetsplatz 2
39106 Magdeburg, Germany         Tel: +49 391 67 12768
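
Added example, not part of the original message or of any Solaris tooling: a pre-flight check a provisioning script could run before `pkgadd -R`, reporting whether the alternate root lies under a non-global zone's zonepath and whether that zone is running, the case the reply singles out. It assumes the colon-separated layout of `zoneadm list -cp`; `check_altroot` and `SAMPLE_ZONES` are hypothetical names and the zone table is constructed.

```shell
#!/bin/sh
# Added example: classify a pkgadd -R target against the zone table.
# Table format is that of `zoneadm list -cp`:
#   zoneid:zonename:state:zonepath:uuid:brand:ip-type
# SAMPLE_ZONES is constructed data, not output from a real host.
SAMPLE_ZONES='0:global:running:/::native:shared
3:web01:running:/rpool/zones/web01:1111:native:shared
-:db01:installed:/rpool/zones/db01:2222:native:shared'

# check_altroot <absolute-path> [zone-table]   (hypothetical helper)
# Prints a verdict and returns:
#   0  path is not under any non-global zonepath
#   1  path is under the zonepath of a zone that is not running
#   2  path is under the zonepath of a running zone
#   3  path is relative or has "." / ".." components (resolve it first)
check_altroot() {
    target=${1%/}
    table=${2:-$SAMPLE_ZONES}
    case "$1" in
        /*) ;;
        *) echo "unresolved:$1"; return 3 ;;
    esac
    case "$target/" in
        */./*|*/../*) echo "unresolved:$1"; return 3 ;;
    esac
    # First non-global zone whose zonepath equals or contains the target.
    hit=$(printf '%s\n' "$table" | awk -F: -v t="$target" '
        $2 == "global" { next }
        {
            zp = $4; sub(/\/$/, "", zp)
            if (t == zp || index(t, zp "/") == 1) { print $2 ":" $3; exit }
        }')
    if [ -z "$hit" ]; then
        echo "not-in-zone"; return 0
    fi
    case "$hit" in
        *:running) echo "zone-running:${hit%%:*}"; return 2 ;;
        *)         echo "zone-not-running:${hit%%:*}"; return 1 ;;
    esac
}
```

On a real host the second argument would be `"$(zoneadm list -cp)"`. The check compares path strings only and does not resolve symbolic links.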