Krzys wrote:
> I am not sure if this question was already asked or not, but can you please
> tell me or point me to links where I can find what are the benefits or
> problems to have Sparse vs. Whole Root Zones?
>
> Here is what I have so far, please correct me if I'm wrong on any of them.
>
> Whole Root Zones
> * Each zone is assigned its own root file system and cannot see that of others

the bit about "cannot see that of others" applies to any type of zone (sparse, branded, etc.)

> * A zone can be created as a whole-root zone
> > The zone gets its own writable copy of all Solaris file systems

it gets its own writable copies of /usr /platform /sbin /lib to be precise, along with all the other file systems.

> * Advantages of a whole root zone
> > installation of software such as WebSphere MQ v6.0 is easily accomplished
> since MQ must be installed into an environment where /opt and /usr are
> writable.
> > portability

yes, some software does require writable /usr

>
> Sparse Zones
> > The default file system configuration is called a sparse-root zone

yes

> > The zone contains its own writable /etc, /var, /proc, /dev

these are writable in any zone type assuming default install.

> > Inherited file systems (/usr, /lib, /platform, /sbin) are read-only
> mounted via a loopback file system (LOFS)

yes

> > /opt is a good candidate for inheriting

possibly, but depends really on whether you want your zone to be able to write to /opt or not.

> * Advantages of a sparse root zone
> > Faster patching and installation due to inheritance of /usr and /lib

yes

> > Read-only access prevents trojan horse attacks against other zones

not really applicable as such in my opinion, each sparse root zone will see the global zone's /usr for instance. But cannot modify /usr in any way.

> > Libraries shared across all zones reducing VM footprint

yes, but not really an issue unless you run a massive amount of zones and don't have resources to cope.

>
BTW if you just want /usr writable, then you could leave the other file systems such as /lib /platform and /sbin as inherited. But it depends on what software you are trying to install (and where it wants to write to).

Enda

> _______________________________________________
> zones-discuss mailing list
> zones-discuss@opensolaris.org
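The middle ground mentioned in the reply above (only /usr writable, the rest still inherited) can be written as a zonecfg command file. This is an added example, not part of the original thread: it assumes Solaris 10 `zonecfg`, whose default `create` template adds an `inherit-pkg-dir` resource for /lib, /platform, /sbin and /usr; the function name `gen_zonecfg` and the zone path `/zones/mqzone` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): emit zonecfg commands for a zone that
# sits between sparse root and whole root.
# Assumption: Solaris 10 zonecfg, where a plain 'create' yields a sparse-root
# configuration with these four read-only inherited directories.
DEFAULT_INHERITED="/lib /platform /sbin /usr"

# gen_zonecfg ZONEPATH [DIR...]
# Prints a zonecfg command file. Each DIR listed loses its inherit-pkg-dir
# entry, so the zone gets a private, writable copy of it at install time.
# No DIRs     -> sparse root zone (all four stay read-only).
# All 4 DIRs  -> whole root zone.
gen_zonecfg() {
    zonepath=$1
    shift
    # Refuse directories that are not inherited by default: removing a
    # resource that does not exist would make zonecfg fail part-way through.
    for dir in "$@"; do
        case " $DEFAULT_INHERITED " in
            *" $dir "*) ;;
            *) echo "not a default inherited directory: $dir" >&2
               return 1 ;;
        esac
    done
    echo "create"
    echo "set zonepath=$zonepath"
    for dir in "$@"; do
        echo "remove inherit-pkg-dir dir=$dir"
    done
    echo "verify"
    echo "commit"
}

# Constructed sample: a zone where only /usr is writable, while /lib,
# /platform and /sbin remain read-only loopback mounts from the global zone.
gen_zonecfg /zones/mqzone /usr
```

The output can be saved to a file and applied with `zonecfg -z <zone> -f <file>` before the zone is installed; inherited directories cannot be changed once the zone has been installed.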