your sparse zone's zonepath in in /usr and it inherits /usr as well.

In our testing pkgadd calls getcwd in 
/dev/.SUNW_patches_0909107281-1123512-000001035723188c/120011-14 inside 
the zone, which instead of returning /dev/.SUNW...... as the absolute 
path returns the absolute path

and this is the what causes the failure in the sparse zone.
Need to do some more investigation as to why the whole root zone is 
failing to see if it's the same problem.

What is the zonecfg of the whole root zone.


Philip Nelson wrote:
> Path /usr/local/zones, and the zonepath under it, are part of the global 
> zone's /usr/local filesystem.  They are not separate mounts.  On the 
> system where the kernel patch worked, the zonepaths are separate mounts.
> -Philip
> Enda O'Connor wrote:
>> Philip Nelson wrote:
>>> Enda O'Connor wrote:
>>>> Philip Nelson wrote:
>>>>> They're 755, all the way to /.
>>>>> Here's the actual error message a small zone gets:
>>>>> /usr/local/zones/[zonename]/lu/dev/.SUNW_patches_0909107281-1123512-000001035723188c/120011-14/SUNWbart/install/checkinstall:
>>>>> /usr/local/zones/[zonename]/lu/dev/.SUNW_patches_0909107281-1123512-000001035723188c/120011-14/SUNWbart/install/checkinstall:
>>>>> cannot open
>>>>> pkgadd: ERROR: checkinstall script did not complete successfully
>>>>> Dryrun complete.
>>>>> No changes were made to the system.
>>>> Hi Philip
>>>> what is the premissions on the directory structure containing the 
>>>> patch being added?
>>> 775.
>>>> can you boot and halt the zone prior to running patchadd
>>> Yes--that's how I did it.
>>> I just patched a 6/01 server with containers, successfully this 
>>> time.  The only differences I can see are that the failing servers 
>>> are 6/06 instead of 6/01 (my earlier 6/01 problem was with a ZFS zone 
>>> root), and that the working 6/01 server has the container roots 
>>> mounted on their own UFS partitions.  The zone roots are still 
>>> permissions 700, but the underlying mount points (what you see if you 
>>> unmount the zone roots) are 755.  On the failing servers, the zone 
>>> roots are not mounted on their own partitions;  they are simply part 
>>> of the /usr/local partition.
>> hmm, need to test this locally to see what is up, suspect that the 
>> code in patchadd that mounts things up for installing the 120011 patch 
>> is getting confused somewhere.
>> So just to be clear, /usr/local/zones is part of the root filesystem, 
>> it's not a seperate mount.
>> Enda
>>> Any idea if nobody would be able to reference an underlying mount 
>>> point, and ignore the perms of the filesystem mounted on top of it?
>>> -Philip
>>>> Enda
>>>>> -Philip
>>>>> Enda O'Connor wrote:
>>>>>> Philip wrote:
>>>>>>> I've run into difficulty installing sparc kernel patch 120011-14 
>>>>>>> from the Oct/03/07 recommended patch cluster onto 6/01 and 6/06 
>>>>>>> systems with non-global zones (whether small or large).
>>>>>>> As long as all non-global zones are halted (and don't have ZFS 
>>>>>>> roots), the patch installs all right in the global zone.  
>>>>>>> However, it gives a failure message for installation in the 
>>>>>>> non-global zones because user nobody can't read the zone roots 
>>>>>>> (due to the required 700 permissions on those directories).  If I 
>>>>>>> try to give nobody read access to those directories, the patch 
>>>>>>> fails anyhow because it can't boot the non-global zone (it fails 
>>>>>>> on the 700 perms check).  I can't run the patch with the zones 
>>>>>>> already started because the kernel patch requires them to be 
>>>>>>> halted (for deferred activation patching).  So, I'm boxed in.
>>>>>>> There are a couple other patches not installing into the 
>>>>>>> non-global zones because they fail a dependency check on the 
>>>>>>> kernel patch.  I'm hoping that the small zones are inheriting the 
>>>>>>> patches anyhow, but I don't know what to do with the big zones.
>>>>>>> Any thoughts?
>>>>>>> This message posted from opensolaris.org
>>>>>>> _______________________________________________
>>>>>>> zones-discuss mailing list
>>>>>>> zones-discuss@opensolaris.org
>>>>>> Hi
>>>>>> wierd, my zonepaths are all 700 and it works fine, what is the 
>>>>>> permission of the parent of zonepath?
>>>>>> Enda

zones-discuss mailing list

Reply via email to