we have great trouble patching a server with local zones, where local zone's 
/var is configured as a separate filesystem.

The situation is:
-Server running Solaris 10 Update 1 (01/06)
-Local zones with /var separated from local zone's root filesystem
-While installing patches during single user mode we will get error messages 
like: "Cannot check name: //var/sadm/...". Patches will be installed partially.
Everything is ok if we install patches during multi-user. But this is not an 
option for many patches!

In thread <http://www.opensolaris.org/jive/thread.jspa?threadID=18964> Enda 
told us that we'd been caught by bug 6438808 and it will be fixed by patch 
119254-31 to be available soon.

Well. In the meantime we got that patch to get around those "Cannot check name" 
problems. We are able to patch servers
... running in multi-user (not recommended) or
... in single-user if there are no local zones with separated /var.

But we are not able to patch already existing zones with separated /var from 
within single user, because "patchadd 119254-31" failes with "Patch 119254-31 
failed to install due to a failure produced by pkgadd.".
Analysis showed that checkinstall is failing with SIGSEGV.
We found that patch 121004-03 (sh patch) will fix this.
Okay, we've tried to install 121004-03 at first, but 121004-03 fails while 
patching local zones, because of bug 6438808.

That's a problem: we need 121004-03 for installing 119254-31, but we also need 
119254-31 for installing 121004-03.

There is additional complexity because 119254-31 requires 121133-02 (zones 
library and zones utility patch) which itself requires 120900-04 (libzonecfg 
Patch). These patches cannot be installed, too! They are failing to install 
into local zones with separate /var.

Now what? How can we patch our servers?
That's what we call in germany "Henne-und-Ei-Problem", a perdicament.

I think Sun's recommended and security patch clusters will have the same 
problem if applied in single user mode on a server with local zones configured, 
each with separated /var filesystem.

Any help highly appreciated,
        Andreas Koppenhöfer
