tester wrote: > What is the recommende way to provide a global zone user access to some local > zone app file systems.(other than don't do it) > > thanks > > > This message posted from opensolaris.org > _______________________________________________ > security-discuss mailing list > security-discuss at opensolaris.org
you can mount a file system/directory into a non-global zone using the 'add fs' command in zonecfg. This is how I add other directories (such as read/write) to a non-global zone, and with the proper permissions, a non-privileged user in the global zone can also access it. Locking and data loss issues are the same as for two processes accessing the same directory or file within a zone (e.g. to vi sessions to the same file may mean someone's work gets lost).
