Krzys writes:
> It does make those file systems as read-only loopback, is there any way to
> make /usr read/write loopback or even if I need to make it as a separate
> file system partition of directory. I would like to make it so it's
> read/write partition.

If you were to configure it using "add fs" and "set type=lofs" to
create a read-write loopback mount, this would allow the non-global
zone to modify the /usr visible in the global zone and all other
zones.

It's unclear to me why you'd want to do that. It breaks one of the
fundamental security assertions of Zones: that applications inside the
zone cannot change parts of the system that are outside of the zone.

It also likely wouldn't work, as package installation would attempt to
write to /usr twice (once in the global zone when the system itself is
installed, again in the non-global zone when the zone is installed),
with unpredictable results.

If you need a writable /usr inside the non-global zone, then use a
whole root zone to do it. If you want the /usr to reside on some
other file system (e.g., a separate slice), then use something like
"add fs" and "set type=ufs".

Note that it's often unnecessary to have a writable /usr in a
non-global zone. Many users instead create a writable /usr/local for
locally-installed things in non-global zones:

    add fs
    set dir=/usr/local
    set special=/export/home/my-zone-local
    set type=lofs
    end

Then you can have separate directories (/export/home/my-zone-local,
/export/home/your-zone-local) out in the global zone that hold the
separate /usr/local bits for each non-global zone.

--
James Carlson, KISS Network <[EMAIL PROTECTED]>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
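
Added example (not part of the original message, and not Sun's own tooling): a shell function that reads zonecfg commands, such as the output of "zonecfg -z <zone> export", and reports every fs resource that loopback-mounts a global-zone system directory without the ro option, which is the configuration the reply warns against. The protected directory list, the RW-LOFS report format and the sample input are assumptions made for this example.

```shell
# Added example: flag zonecfg fs resources that lofs-mount a global-zone
# system directory read-write. Reads zonecfg commands on stdin.
PROTECTED_DIRS="/usr /lib /sbin /platform"  # assumption: sparse-root inherited dirs
audit_zone_fs() {
    awk -v protected="$PROTECTED_DIRS" '
    BEGIN { n = split(protected, prot, " ") }
    { sub(/^[ \t]+/, "") }                    # tolerate indented input
    $0 == "add fs" { infs = 1; dir = special = type = ""; ro = 0; next }
    !infs { next }
    /^set dir=/     { dir = substr($0, 9) }
    /^set special=/ { special = substr($0, 13) }
    /^set type=/    { type = substr($0, 10) }
    /^(set|add) options/ {                    # e.g. add options [ro,nodevices]
        opts = $0
        sub(/^(set options=|add options )/, "", opts)
        gsub(/[][]/, "", opts)
        m = split(opts, o, ",")
        for (i = 1; i <= m; i++) if (o[i] == "ro") ro = 1
    }
    $0 == "end" {
        infs = 0; if (type != "lofs" || ro) next
        for (i = 1; i <= n; i++)              # the directory itself or below it
            if (special == prot[i] || index(special, prot[i] "/") == 1) {
                print "RW-LOFS " dir " <- " special; break
            }
    }'
}

sample_config() {                             # constructed sample input
    cat <<'EOF'
add fs
set dir=/usr/local
set special=/export/home/my-zone-local
set type=lofs
end
add fs
set dir=/usr
set special=/usr
set type=lofs
end
add fs
set dir=/lib
set special=/lib
set type=lofs
add options [ro,nodevices]
end
EOF
}
sample_config | audit_zone_fs
```

On the sample, only the read-write mount of /usr is reported; the per-zone /usr/local mount backed by /export/home/my-zone-local and the read-only /lib mount pass.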