The issue is that from the global zone context (non-zlogin), stuff like
symbolic links to something like /etc could copy files from the global
zone.

I'm not sure why this is dangerous in this case, as we are only reading
from the zone, as cpio does not traverse/open sym links, it just copes the
link itself.

Does this all end up going through zlogin one byte at a time?

-Steve

On Wed, Jul 22, 2009 at 04:57:47PM +0200, Martin Rehak wrote:
> Hi,
> 
> I am trying to get Live Upgrade better by reimplementing some parts of
> the code. What I am not sure of is whether is it safe to do a copy of
> non global zone imports (filesystems dedicated to a zone in its config)
> from the global zone.
> 
> This is existing code (lucopy.sh:1808, install-nv-clone):
> http://grok.czech.sun.com:8080/source/xref/install-nv-clone/usr/src/cmd/inst/liveupgrade/scripts/lucopy.sh
> 
> 1808  (
> 1809      fgrep -xv $mountpoint /tmp/lucopy.zonefs.$$
> 1810      cat /tmp/lucopy.zoneipd.$$
> 1811  ) | sed 's+.*+^&/+' |
> 1812  zlogin $ozonename \
> 1813      "cat > /tmp/lucopy.excl.$$; \
> 1814      (
> 1815          if [ -s /tmp/lucopy.excl.$$ ]; then
> 1816              cd $zroot$mountpoint && \
> 1817              find . -depth -print | \
> 1818              egrep -vf /tmp/lucopy.excl.$$ | \
> 1819                  cpio -ocmP@
> 1820          else
> 1821              cd $zroot$mountpoint && \
> 1822                find . -depth -print | cpio -ocmP@
> 1823          fi
> 1824      )" |
> 1825  ( cd $tdir && cpio -icdmP@ )
> 1826  lulib_unmount_pathname $tdir
> 
> To describe it, I would say that it will zlogin into the non global
> zone, generates there a listing which it sends onto stdin of cpio which
> writes an archive on its stdout. That archive is directed to the
> stdin of cpio running _OUTSIDE_ the zone (in the global zone) which
> finally expands it and writes it to a target directory.
> 
> Unfortunatelly few lines above there is this comment:
> 
> 1769  # Mount each non-lofs zone import in a temporary location
> 1770  # and copy over the bits that belong there, extracted from
> 1771  # the running zone.  We are now reaching through zone-
> 1772  # controlled paths and thus must be extremely careful.
> 1773  # Direct copies are not safe.
> 
> And the question is: What can happen if I simply will not generate the
> listing and the archive inside the zone but will do it in the global
> zone and using 'cpio -p'?
> 
> If I generalize the problem a little bit more I would like to know your
> opinion about my idea of copying whole BE including zones in just one
> 'cpio -p'. Why it wouldn't work, please?
> 
> Thank you very much for your any reply
> -- 
> Martin Rehak
> _______________________________________________
> zones-discuss mailing list
> zones-discuss@opensolaris.org
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to