seems to be a problem with zones under / file system.
I will look into this more tomorrow.


Philip Nelson wrote:
> Path /usr/local/zones, and the zonepath under it, are part of the 
> global zone's /usr/local filesystem.  They are not separate mounts.  
> On the system where the kernel patch worked, the zonepaths are 
> separate mounts.
> -Philip
> Enda O'Connor wrote:
>> Philip Nelson wrote:
>>> Enda O'Connor wrote:
>>>> Philip Nelson wrote:
>>>>> They're 755, all the way to /.
>>>>> Here's the actual error message a small zone gets:
>>>>> /usr/local/zones/[zonename]/lu/dev/.SUNW_patches_0909107281-1123512-000001035723188c/120011-14/SUNWbart/install/checkinstall:
>>>>> /usr/local/zones/[zonename]/lu/dev/.SUNW_patches_0909107281-1123512-000001035723188c/120011-14/SUNWbart/install/checkinstall:
>>>>> cannot open
>>>>> pkgadd: ERROR: checkinstall script did not complete successfully
>>>>> Dryrun complete.
>>>>> No changes were made to the system.
>>>> Hi Philip
>>>> what is the premissions on the directory structure containing the 
>>>> patch being added?
>>> 775.
>>>> can you boot and halt the zone prior to running patchadd
>>> Yes--that's how I did it.
>>> I just patched a 6/01 server with containers, successfully this 
>>> time.  The only differences I can see are that the failing servers 
>>> are 6/06 instead of 6/01 (my earlier 6/01 problem was with a ZFS 
>>> zone root), and that the working 6/01 server has the container roots 
>>> mounted on their own UFS partitions.  The zone roots are still 
>>> permissions 700, but the underlying mount points (what you see if 
>>> you unmount the zone roots) are 755.  On the failing servers, the 
>>> zone roots are not mounted on their own partitions;  they are simply 
>>> part of the /usr/local partition.
>> hmm, need to test this locally to see what is up, suspect that the 
>> code in patchadd that mounts things up for installing the 120011 
>> patch is getting confused somewhere.
>> So just to be clear, /usr/local/zones is part of the root filesystem, 
>> it's not a seperate mount.
>> Enda
>>> Any idea if nobody would be able to reference an underlying mount 
>>> point, and ignore the perms of the filesystem mounted on top of it?
>>> -Philip
>>>> Enda
>>>>> -Philip
>>>>> Enda O'Connor wrote:
>>>>>> Philip wrote:
>>>>>>> I've run into difficulty installing sparc kernel patch 120011-14 
>>>>>>> from the Oct/03/07 recommended patch cluster onto 6/01 and 6/06 
>>>>>>> systems with non-global zones (whether small or large).
>>>>>>> As long as all non-global zones are halted (and don't have ZFS 
>>>>>>> roots), the patch installs all right in the global zone.  
>>>>>>> However, it gives a failure message for installation in the 
>>>>>>> non-global zones because user nobody can't read the zone roots 
>>>>>>> (due to the required 700 permissions on those directories).  If 
>>>>>>> I try to give nobody read access to those directories, the patch 
>>>>>>> fails anyhow because it can't boot the non-global zone (it fails 
>>>>>>> on the 700 perms check).  I can't run the patch with the zones 
>>>>>>> already started because the kernel patch requires them to be 
>>>>>>> halted (for deferred activation patching).  So, I'm boxed in.
>>>>>>> There are a couple other patches not installing into the 
>>>>>>> non-global zones because they fail a dependency check on the 
>>>>>>> kernel patch.  I'm hoping that the small zones are inheriting 
>>>>>>> the patches anyhow, but I don't know what to do with the big zones.
>>>>>>> Any thoughts?
>>>>>>> This message posted from opensolaris.org
>>>>>>> _______________________________________________
>>>>>>> zones-discuss mailing list
>>>>>>> zones-discuss@opensolaris.org
>>>>>> Hi
>>>>>> wierd, my zonepaths are all 700 and it works fine, what is the 
>>>>>> permission of the parent of zonepath?
>>>>>> Enda

zones-discuss mailing list

Reply via email to