This is probably better suited for zones-discuss than
security-discuss.  I've set the reply accordingly.

On Fri, Oct 15, 2010 at 3:02 PM, Pete Chan <> wrote:
> hello,
> i am trying to figure out how to install a package in a global zone under
> /opt and be able to access the binaries of the package from a non-global
> zone.
> in other words the users of these package do not have access to the global
> zone and only have access to the non-global. How do I propagate this
> installation to the non-global zone?

The answer varies depending on whether you are running Solaris 10 or
OpenSolaris.  I'll assume you are running Solaris 10 in my answer.

When you run a command like

pkgadd -d . SOMEpackage

in the global zone, the default behavior is that the package will
automatically be installed in all non-global zones as well.  This
behavior can be changed via the -G option to pkgadd, which will cause
it to install only in the global zone.  If the developer that created
SOMEpackage put SUNW_PKG_THIS_ZONE=true in the pkginfo file
(SOMEpackage/pkginfo), then it will not automatically be installed in
all of the non-global zones.  In such a case, you will need to install
the package in each zone individually.  It may be sufficient to add a
read-only lofs mount to each zone instead of installing it in all
zones.  That is,

zonecfg -z zone1
add fs
set special=/opt/SOMEpackage
set dir=/opt/SOMEpackage
set options=ro

Then reboot the zone or issue the appropriate mkdir and mount -F lofs
-o ro ... commands to create the lofs mounts without rebooting.

If you are on OpenSolaris (with the pkg command, not ancient SXCE
which will act like Solaris 10) you will need to install the software
in all zones that require it.  The new way of doing things breaks the
strong ties between software selection in the global zone and all
non-global zones.

Mike Gerdts
zones-discuss mailing list

Reply via email to