Ben Rockwood writes:
> Still looking for a quasi-official answer on this.  Again, the questions that 
> need specific answers to are:
> A) Why, specifically, can't Non-global roots be placed on NFS?

Cross-zone NFS is currently not allowed; see PSARC 2004/357.

You'd end up with a process in one zone making system calls that are
resolved via an NFS client established in another zone.  In more
detail, you'd want the file system interface to work as though it's
inside the non-global zone, but for the NFS network I/O to take place
as though the client were actually in the global zone.

Doing this requires a minor redesign of the NFS client side.  What we
need here is to have a split between the upper part that implements
the file system itself, and the lower part that does network I/O, and
some way of joining the two such that the system "knows" which zoneid
and which credentials (cred_t) to use in which cases.

Then we'd also need some way to map credentials between the zones.
There's no guarantee that the UIDs and GIDs are the same between them.
This likely causes some interesting problems with Kerberized NFS, at

> B) Is anyone tasked with solving this?  Is there an ARC case that I'm unaware 
> of?
> LOFI might provide a workaround but I need a rock solid solution thats 
> integrated and I'm not going to bother implementation testing LOFI until I 
> know that there is absolutely no alternative on the horizon.

I think you should also take this up with the NFS community.  I
believe that they have talked about the problem, though I don't
(immediately) see a related project on  It definitely
needs their input.

See also CR 4963321.

James Carlson, Solaris Networking              <[EMAIL PROTECTED]>
Sun Microsystems / 1 Network Drive         71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
zones-discuss mailing list

Reply via email to