This thread has become confusing because there seems to be unrelated problems grouped together. The original question was about roles opening the console in labeled zones. The recent posts seem to be unrelated and I suspect are configuration related.
With respect to console access in zones, each zone has an instance of /dev/console which is symlinked the a special zconsole device. It is owned by root, and not world readable. A non-root process will need the file_dac_read privilege to open the console. If you want this to work for a role you would need to assign that privilege to the CDE "Terminal Console" action or a shell script wrapper around "xterm -C", and then assign the action or shell script to one of the role's profiles. For the other problems, my guess is that the user's home directories in the labeled zones are not getting created by the automounter. This tends to happen if the network configuration, e.g. DHCP, has changed since the zone was booted. My workaround for this is to run a command like this for each zone: zlogin <zonename> automount in the global zone as part of the script /etc/dhcp/eventhook --Glenn This message posted from opensolaris.org
