On Tue, Apr 13, 2010 at 01:42:14PM -0600, Lori Alt wrote: > > >>>if a dataset is configured with zoned=on, can the dataset be temporarily > >>>mounted in the global zone? > >>Excellent question. I'm going to guess that the correct behavior > >>should be "no". Ed, what do you think the answer should be? > >> > >it'd actually be really nice if the answer was yes, in which case i > >think that this functionality would also address the following bug: > > 6882285 need a mechanism force mounts zfs filesystems > > > > Temporary mounts can be made to work this way. Do we need any > security on this other than (1) permissions to do mounts on this > dataset, and (2) permission to write to the target directory? > Because regular zfs mounts don't allow this, even if the > process/user attempting it has the above permissions. In other > words, should temporary mounts have an implied "force" behavior? >
for a user to do this without the temporary mountpoint capability, the user would need the ability to "set" the zoned and mountpoint attributes. so we're basically changing the required delegated zfs authorization from "set" to "mount". from a security perspective i don't think this makes much of a difference since i really don't see any reason why the gz should be delegating ANY zfs authorizations for datasets that contain a zone root filesystem. (although perhaps i'm just not thinking creatively enough.) i think allowing temporary mounts to have a force behavior is ok. it's not like the user is accidentally setting mountpoint, which results in a persistent setting. really, it seems to me this functionality is being designed to support things like BE management, which is exactly the same place that we need force support. so if we don't have force be implicit here, we'll have to design an additional mechanism that allows us to create force temporary mounts. ed _______________________________________________ opensolaris-arc mailing list [email protected]
