Brad Diggs wrote:
> Hello Vic,
> You have a few options.  You can use secure by default to
> disable most services and then as a post-zone creation 
> process, run a custom script that enables the services 
> that you want enabled through svcadm.
> Or, you could through jass define a custom set of services
> that you want disabled and enabled.
> Or you could create a custom smf template that sets the
> service end states that you desire.
> All three of these options plus one more are available as
> through the -s option in the Zone Manager script.  Feel free
> to download this bash shell script and re-use the methods
> employed in your own script.  The purpose of the Zone Manager
> project is to greatly simplify zone creation and management.
> And I highly encourage you to re-use whatever you like from
> it.

This is one of the really neat features of SMF.

svccfg extract > <your SMF profile> #on the origin system/zone 
with customized SMF profile

cp <your SMF profile> /var/svc/profile/generic.xml #on the target 
system/zone prior to first boot

and you have a customized service definition, a la SBD, applied 
at first boot, so your are never more vulnerable than you want to 
be. Works for any zone.


> Hope that helps!
> Brad
> On Fri, 2007-11-16 at 10:25 -0800, Vic Engle wrote:
>>I have a perl script that I use to create many zones automatically. It 
>>creates a template and sysidcfg file for the zone and creates and starts up 
>>the zone. There are services which are disabled by default and I would like 
>>to have my script configure those services to be enabled when the zone boots 
>>for the first time.
>>Can I set the services to be enabled simply by editing the service manifest 
>>XML files before booting the zone? Is there a better way to do this?
>>This message posted from
>>zones-discuss mailing list
zones-discuss mailing list

Reply via email to