On Wed, Feb 14, 2007 at 01:11:06PM -0600, Robert Gordon wrote:
> so lets say /export/z1 is the root of zone1; and it contains a directory
> that is called export. Zone1 exports it's /export, which is in reality
> the global zones /export/z1/export.
> I'm asserting that the global zone will not be allowed to NFS export
> anything below /export/z1;

Yes, when zones are allowed to manage their exports then the global zone
has to get out of their way.

Upgrade consideration: when we ship zoned NFS service, what happens, on
upgrade, to existing global zone shares in zoned areas?

>                            I'd even go further and say that any user
> in the global zone would not have access to /export/z1.  [...]

But if we resolve loopback NFS mount issues then any zone could access
any other zone's NFS shares provided they have logical or physical
connectivity between them.  So why not allow global zone access then,
mediated, perhaps, by NFSv4-style ID mapping?

zones-discuss mailing list

Reply via email to