[EMAIL PROTECTED] wrote: > On Wed, Sep 10, 2008 at 12:55:53PM +0100, Lewis Thompson wrote: >> On Tue, 2008-09-09 at 09:04 -0400, Jeff Victor wrote: >>> The zonecfg man page has an example of the use of fs options: >>> >>> zonecfg:myzone3> add fs >>> zonecfg:myzone3:fs> set dir=/usr/local >>> zonecfg:myzone3:fs> set special=/opt/local >>> zonecfg:myzone3:fs> set type=lofs >>> zonecfg:myzone3:fs> add options [ro,nodevices] >>> zonecfg:myzone3:fs> end >>> >>> Have you attempted to specify the options using that syntax? >> Hi Jeff and Jerry >> >> Thank you, I was indeed using the wrong syntax and have added the >> options successfully now >> >> Thanks for fast response > > Could we please discuss why fs options specified in zone configuration are > better > then just /etc/vfstab ?
Using fs causes the mount to be managed/controlled by the global zone admin. Zones itself does the mount based on how the zone is configured. Using the zone's vfstab means you have to give device access to the zone, which also means that the zone has the ability to construct a bad file system on the device and panic the machine, so this is inherently less secure than using fs. However, sometimes you want to give device access to the zone, so both techniques are available, but it is generally preferred to use fs, since it is more constrained and secure than adding a device to the zone. Jerry _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
