Scott Rotondo wrote:
>
> It seems to me that allocate should create the device nodes regardless
> of whether a file system was mounted, and therefore a single exit
> status for success is sufficient. Even if I mounted a file system at
> allocation time, I should be able to unmount it and access the device
> node directly without deallocating first. Doesn't that match how it
> works in the global zone?

First of all, the design of device allocation in TX is not the subject of this fast track. TX has always mounted the allocated device without creating a device node in the non-global zone. This case is only about providing better feedback to what is going on so that Sun Ray software can work more reliably.

Whenever possible we should avoid creating devices in non-global zones. Unfortunately, it is possible to panic the kernel from a non-global zone if a root process has access to the raw device while it is simultaneously mounted as a file system. If you scribble over the mounted filesystem you can cause a panic. It is critical to our security story to assert that a root process in a non-global zone cannot crash the kernel or other zones.

>
> A more basic question: This case mentions the fact that mounting file
> systems during allocation is unique to TX, but I believe the
> difference is simply due to historical accident. Wouldn't it make
> sense to provide this feature to all Solaris users of device
> allocation, regardless of whether TX is enabled or not?

Again, that is not the subject of this case. This is about supporting device allocation in zones by Sun Ray software. If device allocation in standard Solaris is actually important to customers, we could extend the functionality in standard Solaris. However, I think that would be done differently; probably based on HAL and the GNOME Removable Drives and Media application.

--Glenn
