This is probably better suited for zones-discuss than security-discuss. I've set the reply accordingly.
On Fri, Oct 15, 2010 at 3:02 PM, Pete Chan <super_...@hotmail.com> wrote: > hello, > > i am trying to figure out how to install a package in a global zone under > /opt and be able to access the binaries of the package from a non-global > zone. > in other words the users of these package do not have access to the global > zone and only have access to the non-global. How do I propagate this > installation to the non-global zone? The answer varies depending on whether you are running Solaris 10 or OpenSolaris. I'll assume you are running Solaris 10 in my answer. When you run a command like pkgadd -d . SOMEpackage in the global zone, the default behavior is that the package will automatically be installed in all non-global zones as well. This behavior can be changed via the -G option to pkgadd, which will cause it to install only in the global zone. If the developer that created SOMEpackage put SUNW_PKG_THIS_ZONE=true in the pkginfo file (SOMEpackage/pkginfo), then it will not automatically be installed in all of the non-global zones. In such a case, you will need to install the package in each zone individually. It may be sufficient to add a read-only lofs mount to each zone instead of installing it in all zones. That is, zonecfg -z zone1 add fs set special=/opt/SOMEpackage set dir=/opt/SOMEpackage set options=ro end verify commit exit Then reboot the zone or issue the appropriate mkdir and mount -F lofs -o ro ... commands to create the lofs mounts without rebooting. If you are on OpenSolaris (with the pkg command, not ancient SXCE which will act like Solaris 10) you will need to install the software in all zones that require it. The new way of doing things breaks the strong ties between software selection in the global zone and all non-global zones. -- Mike Gerdts http://mgerdts.blogspot.com/ _______________________________________________ zones-discuss mailing list email@example.com