Re: [zones-discuss] Interfaces to automate zone system

Thu, 22 Nov 2007 18:36:03 -0800 

Hello,

I highly recommend that you use version 1.8.1 instead of 1.8 as
it includes many bug fixes that are not in 1.8.  Having said that,
mounting a configuration file used by the global zone into a
non-global zone can be a security risk.  I wouldn't recommend it.

Here is a example to illustrate how you could readonly mount a file 
via lofs from a global zone into a non-global zone during zone 
creation through the zone manager with the -r flag.

# z=`uname -n`
# cp /etc/hosts /etc/${z}
# zonemgr -F -a add -n z1 -z /zones -P pw -r "/etc/${z}|/etc/global"
# cksum /etc/hosts
2265366463      1183    /etc/hosts
# zlogin z1 "cksum /etc/global"
2265366463      1183    /etc/global
# zonemgr-a info -n z1
Zone information for zone z1
zonename: z1
zonepath: /zones/z1
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
fs:
        dir: /etc/global
        special: /etc/globalhostname
        raw not specified
        type: lofs
        options: [ro,nodevices]
attr:
        name: comment
        type: string
        value: "Zone z1"

Hope that helps!

Just as an FYI... the next version of the zonemgr which I hope 
to complete soon has a new unified mounting syntax that works
for all the main supported filesystems available today.  It is
still in alpha so I haven't yet posted on the site. If you are
interested in trying it out, send me a separate e-mail and I
will gladly send you a copy.

Brad

On Tue, 2007-11-20 at 14:29 +0100, Konstantin Gremliza wrote:
> Hi there,
> 
> I have a question regarding zonemgr.
> 
> We would like to use lofs to mount (ro) a file /etc/GLOBAL into the
> zones. It should contain the name of the global zone so anyone can
> easily find out, what system he is really on.
> 
> Zonemgr 1.8 only supports directories for readonly lofs mounts: option
> -r
> 
> Can it be changed to support files ?
> 
> Thanks and regards,
> 
> Konstantin
> _______________________________________________
> zones-discuss mailing list
> zones-discuss@opensolaris.org
-- 
---------------------------------------------------------------------
      _/_/_/  _/    _/  _/     _/   Brad Diggs
     _/      _/    _/  _/_/   _/    Communications Area Market
    _/_/_/  _/    _/  _/  _/ _/     Senior Directory Architect
       _/  _/    _/  _/   _/_/
  _/_/_/   _/_/_/   _/     _/       Office:  972-992-0002
                                    E-Mail:  [EMAIL PROTECTED]
 M  I  C  R  O  S  Y  S  T  E  M  S

_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to