I believe all Ben is looking for is the ability to put a local zone's "root-fs" on NFS.
Especially with U3's zone-import/export feature, this becomes very powerful (without having to goof around with lofs and friends) If there isn't an official (Solaris 10) RFE on this already (I thought there was) please let me know and I'll have one opened. (others can then attach to it in order to hopefully influence its priority) Thanks, -- MikeE -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Carlson Sent: Tuesday, January 23, 2007 9:32 AM To: Ben Rockwood Cc: zones-discuss@opensolaris.org Subject: Re: [zones-discuss] Re: Zones on NFS Ben Rockwood writes: > Still looking for a quasi-official answer on this. Again, the questions that need specific answers to are: > > A) Why, specifically, can't Non-global roots be placed on NFS? Cross-zone NFS is currently not allowed; see PSARC 2004/357. You'd end up with a process in one zone making system calls that are resolved via an NFS client established in another zone. In more detail, you'd want the file system interface to work as though it's inside the non-global zone, but for the NFS network I/O to take place as though the client were actually in the global zone. Doing this requires a minor redesign of the NFS client side. What we need here is to have a split between the upper part that implements the file system itself, and the lower part that does network I/O, and some way of joining the two such that the system "knows" which zoneid and which credentials (cred_t) to use in which cases. Then we'd also need some way to map credentials between the zones. There's no guarantee that the UIDs and GIDs are the same between them. This likely causes some interesting problems with Kerberized NFS, at least. > B) Is anyone tasked with solving this? Is there an ARC case that I'm unaware of? > > LOFI might provide a workaround but I need a rock solid solution thats integrated and I'm not going to bother implementation testing LOFI until I know that there is absolutely no alternative on the horizon. I think you should also take this up with the NFS community. I believe that they have talked about the problem, though I don't (immediately) see a related project on opensolaris.org. It definitely needs their input. See also CR 4963321. -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
