I posted an earlier reply to zones-discuss, but I didn't copy all of the forums
in the original posting. I'm doing so now. I am also correcting some errors in
my earlier reply:
Yes, it is possible to share a zfs dataset that has been added to a labeled
Set the mountpoint property of your dataset zone/data to be within the
restricted zone's root. For example:
# zfs set mountpoint=/zone/needtoknow/root/zone/data zone/data
Then you should specify, using zonecfg, that the dataset is associated with the
zonecfg:zone-name> add dataset
zonecfg:zone-name:dataset> set name=zone/data
I previously stated that you didn't need to specify the dataset via zonecfg, if
the zone is already running. However, in the general case, you should do so. If
the dataset is mounted before the zone has been booted, zoneadm will fail to
boot the zone because its file namespace it not empty.
Then you should be able to share it via NFS, by editing the approriate dfstab
file in the global zone. In this case, the dfstab file would be:
When the zone is booted, the dataset will be mounted automatically as a
mount point in the restricted zone with the correct label.
A few subtle points:
1. Setting the zfs mountpoint property has the side-effect of settting
its label if the mountpoint corresponds to a labeled zone. Only the global zone
can do this.
2. The dataset will only be accessible while the restricted zone is ready or
running. Note that it can be shared (via NFS) even when the zone is in the
3. Labeled zones which dominate the restricted zone (if any) can gain read-only
access via NFS mounts (specifying an non-shared global zone IP address and the
full pathname of the mounted dataset as viewed from the global zone. For
The second "zone" in the pathname is there because it was specified in the
original posting, but you can rework the example without it.
This message posted from opensolaris.org
zones-discuss mailing list