subject:"Re\: \[smartos\-discuss\] Zpool command within zone"

Re: [smartos-discuss] Zpool command within zone

2016-10-20 Thread Marcus Dillury

@ Daniel - precisely! :)

At the moment, I have an SMF script which simply removes /sbin/zpool and
puts it into another directory not presented to the zones.

Not ideal. A bit of a hack, but it works.



On Thu, Oct 20, 2016 at 7:02 PM, Daniel Carosone 
wrote:

> Assumption: want zfs delegation within a zone because it's useful. Don't
> want zpool because it leaks information from outside the zone in a / about
> the shared hosting environment.
>
> Are there tweaks to the privileges granted to a zone that could apply
> here? If not, is that the place to solve this?
> *smartos-discuss* | Archives
> 
>  |
> Modify
> 
> Your Subscription 
>
>



---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

Re: [smartos-discuss] Zpool command within zone

2016-10-20 Thread Daniel Carosone

Assumption: want zfs delegation within a zone because it's useful. Don't
want zpool because it leaks information from outside the zone in a / about
the shared hosting environment.

Are there tweaks to the privileges granted to a zone that could apply here?
If not, is that the place to solve this?



---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

Re: [smartos-discuss] Zpool command within zone

2016-10-19 Thread Rob Seastrom


+1 - I've found lofs to be just the ticket for stuff like persistent /home.  
Just works, no surprises.

-r


> On Oct 19, 2016, at 12:01 PM, Patrick O'Sullivan via smartos-discuss 
>  wrote:
> 
> It might be helpful if you explain why you are using delegated datasets if 
> you don't want control from within the zone.
> 
> Your alternative is to use a lofs mount which will make the desired directory 
> magically appear in the zone. Here's some sample JSON for this:
> 
>   "filesystems": [
> {
>   "source": "/source",
>   "target": "/target",
>   "type": "lofs"
> }
>   ]
> 
> 
> On Tue, Oct 18, 2016 at 9:22 PM, Marcus Dillury  wrote:
> Hi.
> 
> Thanks for coming back to me. 
> 
> Sorry, I should have specified. We are using delegated datasets in our 
> environment. So I was wondering if there is anyway of being able to do this, 
> even with delegated datasets? 
> 
> Many Thanks.
> Marcus 
> 
> 
> On 19 Oct 2016 1:47 AM, "Robert Mustacchi"  wrote:
> On 10/17/16 22:22 , Marcus Dillury wrote:
> > Hi.
> >
> > Just a quick question.
> >
> > Is there anyway to disable/remove the zpool command from a smartos vm?
> >
> > We are setting up a shared environment and would like to remove this
> > visibility from within a zone.
> 
> If you do not delegate any datasets into the zone (the default
> behavior), then zpool(1M) will not find any pools and zfs(1M) will not
> find any file systems. You can verify this by running the commands in
> the zone.
> 
> Robert
> 
> smartos-discuss | Archives  | Modify Your Subscription


---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

Re: [smartos-discuss] Zpool command within zone

2016-10-19 Thread Patrick O'Sullivan via smartos-discuss

It might be helpful if you explain why you are using delegated datasets if
you don't want control from within the zone.

Your alternative is to use a lofs mount which will make the desired
directory magically appear in the zone. Here's some sample JSON for this:

  "filesystems": [
{
  "source": "/source",
  "target": "/target",
  "type": "lofs"
}
  ]


On Tue, Oct 18, 2016 at 9:22 PM, Marcus Dillury 
wrote:

> Hi.
>
> Thanks for coming back to me.
>
> Sorry, I should have specified. We are using delegated datasets in our
> environment. So I was wondering if there is anyway of being able to do
> this, even with delegated datasets?
>
> Many Thanks.
> Marcus
>
> On 19 Oct 2016 1:47 AM, "Robert Mustacchi"  wrote:
>
> On 10/17/16 22:22 , Marcus Dillury wrote:
> > Hi.
> >
> > Just a quick question.
> >
> > Is there anyway to disable/remove the zpool command from a smartos vm?
> >
> > We are setting up a shared environment and would like to remove this
> > visibility from within a zone.
> 
> If you do not delegate any datasets into the zone (the default
> behavior), then zpool(1M) will not find any pools and zfs(1M) will not
> find any file systems. You can verify this by running the commands in
> the zone.
> 
> Robert
> 
> *smartos-discuss* | Archives
> 
>  |
> Modify
> 
> Your Subscription 
> 



---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

Re: [smartos-discuss] Zpool command within zone

2016-10-18 Thread Marcus Dillury

Hi.

Thanks for coming back to me.

Sorry, I should have specified. We are using delegated datasets in our
environment. So I was wondering if there is anyway of being able to do
this, even with delegated datasets?

Many Thanks.
Marcus

On 19 Oct 2016 1:47 AM, "Robert Mustacchi"  wrote:

On 10/17/16 22:22 , Marcus Dillury wrote:
> Hi.
>
> Just a quick question.
>
> Is there anyway to disable/remove the zpool command from a smartos vm?
>
> We are setting up a shared environment and would like to remove this
> visibility from within a zone.

 If you do not delegate any datasets into the zone (the default
 behavior), then zpool(1M) will not find any pools and zfs(1M) will not
 find any file systems. You can verify this by running the commands in
 the zone.

 Robert

---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

Re: [smartos-discuss] Zpool command within zone

2016-10-18 Thread Robert Mustacchi

On 10/17/16 22:22 , Marcus Dillury wrote:
> Hi.
> 
> Just a quick question.
> 
> Is there anyway to disable/remove the zpool command from a smartos vm?
> 
> We are setting up a shared environment and would like to remove this
> visibility from within a zone.

If you do not delegate any datasets into the zone (the default
behavior), then zpool(1M) will not find any pools and zfs(1M) will not
find any file systems. You can verify this by running the commands in
the zone.

Robert



---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

Re: [smartos-discuss] Zpool command within zone

Re: [smartos-discuss] Zpool command within zone

Re: [smartos-discuss] Zpool command within zone

Re: [smartos-discuss] Zpool command within zone

Re: [smartos-discuss] Zpool command within zone

Re: [smartos-discuss] Zpool command within zone

6 matches

Site Navigation

Mail list logo

Footer information