The GZ alternate is something we have already been exploring and that works indeed. Thanks for the suggestion.
Running ppriv -D -e zpool create .. shows that sys_config is missing, but limit_priv does not seem to support sys_config (maybe due to the oracle doc comment stating this as not supported at least on solaris). So we will implement this from the GZ for now.. From: Robert Mustacchi Sent: Monday, January 9, 2017 16:45 To: [email protected] Subject: Re: [smartos-discuss] lofiadm / zpool create inside a zone On 1/8/17 23:40 , Matthias Goetzke wrote: > Thanks for the feedback. The link was supposed to link to > http://constantin.glez.de/blog/2012/02/introducing-sparse-encrypted-zfs-pools. > (Pasting it in from pocket hid the getpocket link) > > I tried updating the vm with a number of different privileges, but with no > success. sys_config for example fails stating invalid privilege > > vmadm update f62ecc2d-825f-4df9-b5e1-e95207831d52 >limit_priv=default,sys_config > Command failed: On line 1 of /tmp/zonecfg.58411.tmp: > f62ecc2d-825f-4df9-b5e1-e95207831d52: invalid privilege > > sys_admin works but doesn’t have any effect. > > http://docs.oracle.com/cd/E19044-01/sol.containers/817-1592/6mhahup91/index.html > mentions that sys_config etc are not allowed in zones in solaris. Sadly I > don’t know how to see which privilege is being denied. Maybe if somebody > could tell me that I proceed without guessing. If you're asking which privilege is missing in the context of the zone when running the command, then you'll want to use the ppriv -D option. See http://illumos.org/man/1/ppriv for more information. If at the end of the day you can't create this in the zone, you can always create it in the GZ and delgate a dataset from it Robert ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
