On 27 Sept 09 at 12:55, Miles Benson wrote:
I'm not sure what I'm seeing is by design or by misconfiguration. I
created a filesystem "tank/zones" to hold some zones, then created a
specific zone filesystem "tank/zones/basezone". Then built a zone,
If I zlogin to basezone, and do zfs list, it shows the ancestors to
This in itself is not ideal - if a zone becomes compromised then it's
revealing something about the underlying pool and filesystems. I
can live with it.
However, if I become root in the zone then the ancestor filesystem
is *writable*. I can write a file in /tank/zones! So if I delegate
root access to a zone to someone, all of a sudden they can write to
the entire pool?
Am I doing something wrong? Any and all suggestions welcome!
AFAIK, you shouldn't see all these in your zone.
Are you on S10 or on OS?
Did you delegate any dataset or set the "zoned" flag on ZFS?
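To answer the delegation question for every dataset under a zone parent, the script below (an added example, not from this thread) parses the output of `zfs get -H -r -o name,property,value zoned,mountpoint tank/zones` and flags datasets whose `zoned` property is not `on`, i.e. those not delegated through `zonecfg`'s `add dataset`. The sample output embedded in it is constructed for illustration; real `zfs get -H` output is tab-separated, which awk's default field splitting also handles.

```shell
#!/bin/sh
# Constructed sample of: zfs get -H -r -o name,property,value zoned,mountpoint tank/zones
# (real output is tab-separated; spaces are used here for readability)
SAMPLE_ZFS_GET='tank/zones zoned off
tank/zones mountpoint /tank/zones
tank/zones/basezone zoned on
tank/zones/basezone mountpoint legacy
tank/zones/otherzone zoned off
tank/zones/otherzone mountpoint /tank/zones/otherzone'

# audit_zoned: read "name property value" lines on stdin-style input ($1)
# and print one line per dataset: name, zoned value, mountpoint, verdict.
# A dataset is "delegated" only when zoned=on, which zonecfg sets when the
# dataset is added to the zone with "add dataset".
audit_zoned() {
    printf '%s\n' "$1" | awk '
        $2 == "zoned"      { zoned[$1] = $3; order[++n] = $1 }
        $2 == "mountpoint" { mp[$1] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                d = order[i]
                verdict = (zoned[d] == "on") ? "delegated" : "NOT-delegated"
                printf "%s %s %s %s\n", d, zoned[d], mp[d], verdict
            }
        }'
}

# count_undelegated: number of datasets under the parent that are not
# delegated (zoned=off). Anything non-zero deserves a look, since such a
# dataset is not under the zone's control and must not be exposed to it.
count_undelegated() {
    audit_zoned "$1" | awk '$4 == "NOT-delegated" { c++ } END { print c + 0 }'
}

# Stand-alone usage: run the audit over the constructed sample.
audit_zoned "$SAMPLE_ZFS_GET"
echo "undelegated datasets: $(count_undelegated "$SAMPLE_ZFS_GET")"
```

On a live system, replace `SAMPLE_ZFS_GET` with `"$(zfs get -H -r -o name,property,value zoned,mountpoint tank/zones)"`; the parent `tank/zones` itself will normally report `zoned off`, which is expected, so the lines to act on are the per-zone children.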
zones-discuss mailing list