I am trying to get Live Upgrade better by reimplementing some parts of
the code. What I am not sure of is whether is it safe to do a copy of
non global zone imports (filesystems dedicated to a zone in its config)
from the global zone.
This is existing code (lucopy.sh:1808, install-nv-clone):
1809 fgrep -xv $mountpoint /tmp/lucopy.zonefs.$$
1810 cat /tmp/lucopy.zoneipd.$$
1811 ) | sed 's+.*+^&/+' |
1812 zlogin $ozonename \
1813 "cat > /tmp/lucopy.excl.$$; \
1815 if [ -s /tmp/lucopy.excl.$$ ]; then
1816 cd $zroot$mountpoint && \
1817 find . -depth -print | \
1818 egrep -vf /tmp/lucopy.excl.$$ | \
1819 cpio -ocmP@
1821 cd $zroot$mountpoint && \
1822 find . -depth -print | cpio -ocmP@
1824 )" |
1825 ( cd $tdir && cpio -icdmP@ )
1826 lulib_unmount_pathname $tdir
To describe it, I would say that it will zlogin into the non global
zone, generates there a listing which it sends onto stdin of cpio which
writes an archive on its stdout. That archive is directed to the
stdin of cpio running _OUTSIDE_ the zone (in the global zone) which
finally expands it and writes it to a target directory.
Unfortunatelly few lines above there is this comment:
1769 # Mount each non-lofs zone import in a temporary location
1770 # and copy over the bits that belong there, extracted from
1771 # the running zone. We are now reaching through zone-
1772 # controlled paths and thus must be extremely careful.
1773 # Direct copies are not safe.
And the question is: What can happen if I simply will not generate the
listing and the archive inside the zone but will do it in the global
zone and using 'cpio -p'?
If I generalize the problem a little bit more I would like to know your
opinion about my idea of copying whole BE including zones in just one
'cpio -p'. Why it wouldn't work, please?
Thank you very much for your any reply
zones-discuss mailing list