Re: [zones-discuss] Solaris 8/9 branded zones on ZFS root?
Nicolas Dorfsman wrote: Which ACL model is then used ? It would seem that neither works from within the sol8 zone, although you do have access to ZFS style ACLs from the global zone. Trivial ACLs set through the global zone seem to be honored by the sol8 zone. I have not tried setting any non-trivial ACLs on the underlying ZFS, so I can't say whether they work as expected. -Tim -- Timothy Kennedy SDE Infrastructure Operations Manager Email: timothy.kenn...@sun.com Phone: +1-703-636-0531 / x53151 AIM/Skype: tkSUNW ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Solaris 8/9 branded zones on ZFS root?
Timothy Kennedy wrote: Nicolas Dorfsman wrote: Which ACL model is then used ? From: System Administration Guide: Solaris 8 Containers ( http://docs.sun.com/app/docs/doc/820-2914/gfjbk?a=view ) Using ZFS Although the zone cannot use a delegated ZFS dataset, the zone can reside on a ZFS file system. You can add a ZFS file system to share with the global zone through the zonecfg fs resource. See Step 7 in How to Configure a solaris8 Branded Zone. Note that the setfacl and getfacl commands cannot be used with ZFS. When a cpio or a tar archive with ACLs set on the files is unpacked, the archive will receive warnings about not being able to set the ACLs, although the files will be unpacked successfully. These commands can be used with UFS. -Tim -- Timothy Kennedy SDE Infrastructure Operations Manager Email: timothy.kenn...@sun.com Phone: +1-703-636-0531 / x53151 AIM/Skype: tkSUNW ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Solaris 8/9 branded zones on ZFS root?
Rich Teer wrote: I have a situation where I need to consolidate a few servers running Solaris 9 and 8. If the application doesn't run natively on Solaris 10 or Nevada, I was thinking of using Solars 9 or 8 branded zones. My intent would be for the global zone to use ZFS boot/root; would I be correct in thinking that this will be OK for the branded zones? That's correct. I have some solaris 8 zones running under cluster control, where zonepath is zfs, and they're doing just fine. Nothing special had to be done. -Tim -- Timothy Kennedy SDE Infrastructure Operations Manager Email: timothy.kenn...@sun.com Phone: +1-703-636-0531 / x53151 AIM/Skype: tkSUNW ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] NTP client in non-global zone
Nicolas Dorfsman wrote: It would be a great idea to have a easy solution to give these privileges to a zone. in zonecfg for a given zone, set limitpriv=default,proc_lock_memory,proc_priocntl,sys_time David Comay has an interesting blog post on this that can be found here: http://blogs.sun.com/comay/entry/privilege_set_me_free that explains the reasons for permissions additional to sys_time. -Tim -- Timothy Kennedy SDE Infrastructure Operations Manager Email: timothy.kenn...@sun.com Phone: +1-703-636-0531 / x53151 AIM/Skype: tkSUNW ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] RSC cards and zlogin -C to a zone clash of interest
Ihsan Zaghmouth wrote: Here's one issue that was raised by a Sun customer ... Looks like we have a clash of ineterst on ~. ... Anyone seen this before... Any thoughts ? That's a common frustration in my experience. OpenSSH, including Sun's variation thereof also use ~. as the escape sequence, which can have unintended consequences when connected remotely. My solution has been to use `zlogin -e\@ -C zonename`, which sets the zlogin escape sequence to @., and prevents the aforementioned unintended consequences. :) -Tim -- /\Timothy Kennedy \ \ IT Technologist V / \ \ / GCS Infrastructure Management (GCSIM) / /\\// /\Tier-3 Infrastructure OS Team \/ //\\/ /Email: [EMAIL PROTECTED] / \ \ / Phone: +1-703-636-0531 \ \AIM:tkSUNW \/WWW:http://blogs.sun.com/tkblog ___ zones-discuss mailing list zones-discuss@opensolaris.org