Jordan Brown wrote:
> bart(1M) says about its -R option:
>           Note -  The root file system  of  any  non-global  zones
>                   must not be referenced with the -R option. Doing
>                   so might damage the global zone's  file  system,
>                   might  compromise  the  security  of  the global
>                   zone, and might  damage  the  non-global  zone's
>                   file system. See zones(5).
> Why?

Accessing a ngz fs from the gz is always dangerous since
a hostile ngz root admin can make changes which
refer to the gz, if you are looking at the fs from the
gz.  If you are only reading and don't care
if you are reading the wrong stuff, it is not a
big deal.  You should never write and attempt to
change anything when running in the gz and reaching
into the ngz hierarchy.  E.g. editing {zonepath}/etc/passwd
could be made to refer to gz /etc/passwd with a simple
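
An added example, not part of the original message: a Python sketch of a read from the global zone that refuses to follow links planted under a zone root. It assumes the redirection is done with a symbolic link, which the message does not state; `open_beneath`, `demo` and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def open_beneath(zone_root, rel_path):
    """Open rel_path under zone_root read-only, one component at a time,
    refusing any symbolic link on the way. Returns a file descriptor."""
    fd = os.open(zone_root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        parts = [p for p in rel_path.split("/") if p]
        for i, part in enumerate(parts):
            if part == "..":
                raise ValueError("'..' is not allowed in " + rel_path)
            flags = os.O_RDONLY | os.O_NOFOLLOW
            if i < len(parts) - 1:
                flags |= os.O_DIRECTORY      # intermediate components must be real dirs
            nxt = os.open(part, flags, dir_fd=fd)   # fails with OSError on a symlink
            os.close(fd)
            fd = nxt
        return fd
    except BaseException:
        os.close(fd)
        raise


def demo():
    """Constructed layout: temp paths stand in for gz /etc/passwd and {zonepath}."""
    with tempfile.TemporaryDirectory() as tmp:
        gz_passwd = Path(tmp, "gz_passwd")
        gz_passwd.write_text("gz\n")
        zroot = Path(tmp, "zoneroot")
        (zroot / "etc").mkdir(parents=True)
        (zroot / "etc" / "hosts").write_text("ngz\n")
        # Assumed mechanism: the zone's etc/passwd is a link to the gz file.
        os.symlink(gz_passwd, zroot / "etc" / "passwd")
        naive = (zroot / "etc" / "passwd").read_text()   # follows the link out of the zone
        try:
            os.close(open_beneath(str(zroot), "etc/passwd"))
            passwd = "opened"
        except OSError:
            passwd = "refused"
        fd = open_beneath(str(zroot), "etc/hosts")
        hosts = os.read(fd, 100).decode()
        os.close(fd)
        return {"naive": naive, "passwd": passwd, "hosts": hosts}


if __name__ == "__main__":
    print(demo())
```

Refusing every link is stricter than resolving the path and comparing prefixes, but it leaves no window between the check and the open.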
