On Wed, Sep 10, 2008 at 8:58 AM, Jerry Jelinek <[EMAIL PROTECTED]> wrote:
>> On Wed, Sep 10, 2008 at 12:55:53PM +0100, Lewis Thompson wrote:
>>> On Tue, 2008-09-09 at 09:04 -0400, Jeff Victor wrote:
>>>> The zonecfg man page has an example of the use of fs options:
>>>>        zonecfg:myzone3> add fs
>>>>        zonecfg:myzone3:fs> set dir=/usr/local
>>>>        zonecfg:myzone3:fs> set special=/opt/local
>>>>        zonecfg:myzone3:fs> set type=lofs
>>>>        zonecfg:myzone3:fs> add options [ro,nodevices]
>>>>        zonecfg:myzone3:fs> end
>>>> Have you attempted to specify the options using that syntax?
>>> Hi Jeff and Jerry
>>> Thank you, I was indeed using the wrong syntax and have added the
>>> options successfully now
>>> Thanks for fast response
>> Could we please discuss why fs options specified in zone configuration are
>> better than just /etc/vfstab ?
> Using fs causes the mount to be managed/controlled by the global zone admin.
> Zones itself does the mount based on how the zone is configured.
> Using the zone's vfstab means you have to give device access to the zone,
> which also means that the zone has the ability to construct a bad file system
> on the device and panic the machine, so this is inherently less secure than
> using fs.
> However, sometimes you want to give device access to the zone, so both
> techniques are available, but it is generally preferred to use fs, since it
> is more constrained and secure than adding a device to the zone.

Also, there is one situation - not part of the original request -
where the use of /etc/vfstab is not only preferable, it's required:
NFS mounts. If a zone needs to mount an NFS share from a different
system, the zone's administrator must perform the mount, either
manually - from within the zone - or automatically, in the zone's
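
The fs-versus-device distinction discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages or of Solaris itself: a small Python audit that reads zonecfg commands (without the interactive prompt) and reports which mounts are managed by the global zone and which hand a raw device to the zone. The function names and the device path are assumptions made for illustration; the fs block is the man-page example quoted above.

```python
import re

# Constructed sample: zonecfg commands without the interactive prompt. The fs
# block is the man-page example from the thread; the device path is a
# made-up placeholder.
SAMPLE_CONFIG = """\
add fs
set dir=/usr/local
set special=/opt/local
set type=lofs
add options [ro,nodevices]
end
add device
set match=/dev/dsk/c0t0d0s6
end
"""

def parse_resources(text):
    """Return one dict per 'add fs' / 'add device' resource block."""
    resources, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if current is None:
            m = re.fullmatch(r"add\s+(fs|device)", line)
            if m:  # other resource types (net, attr, ...) are skipped
                current = {"kind": m.group(1), "options": []}
        elif line == "end":
            resources.append(current)
            current = None
        elif line.startswith("set ") and "=" in line:
            key, value = line[4:].split("=", 1)
            current[key.strip()] = value.strip()
        elif line.startswith("add options"):
            opts = line[len("add options"):].strip().strip("[]")
            current["options"] += [o.strip() for o in opts.split(",") if o.strip()]
    return resources

def audit(text):
    """Classify each resource by who controls the mount, as in the thread."""
    findings = []
    for r in parse_resources(text):
        if r["kind"] == "fs":   # mounted by the zones framework itself
            findings.append(("global-zone-managed", r.get("dir"), r["options"]))
        else:                   # zone gets the device and can build a fs on it
            findings.append(("raw-device-delegated", r.get("match"), []))
    return findings

if __name__ == "__main__":
    for status, target, options in audit(SAMPLE_CONFIG):
        print(f"{status:22} {target} {','.join(options)}")
```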
