Brad Diggs wrote:
> Hello Vic,
> You have a few options. You can use secure by default to
> disable most services and then as a post-zone creation
> process, run a custom script that enables the services
> that you want enabled through svcadm.
> Or, you could through jass define a custom set of services
> that you want disabled and enabled.
> Or you could create a custom smf template that sets the
> service end states that you desire.
> All three of these options plus one more are available as
> through the -s option in the Zone Manager script. Feel free
> to download this bash shell script and re-use the methods
> employed in your own script. The purpose of the Zone Manager
> project is to greatly simplify zone creation and management.
> And I highly encourage you to re-use whatever you like from
This is one of the really neat features of SMF.
svccfg extract > <your SMF profile> #on the origin system/zone
with customized SMF profile
cp <your SMF profile> /var/svc/profile/generic.xml #on the target
system/zone prior to first boot
and you have a customized service definition, a la SBD, applied
at first boot, so your are never more vulnerable than you want to
be. Works for any zone.
> Hope that helps!
> On Fri, 2007-11-16 at 10:25 -0800, Vic Engle wrote:
>>I have a perl script that I use to create many zones automatically. It
>>creates a template and sysidcfg file for the zone and creates and starts up
>>the zone. There are services which are disabled by default and I would like
>>to have my script configure those services to be enabled when the zone boots
>>for the first time.
>>Can I set the services to be enabled simply by editing the service manifest
>>XML files before booting the zone? Is there a better way to do this?
>>This message posted from opensolaris.org
>>zones-discuss mailing list
zones-discuss mailing list