Re: [OpenIndiana-discuss] local zones and local users

Wed, 09 Nov 2016 18:28:40 -0800 

On Wed, 9 Nov 2016, Maurilio Longo via openindiana-discuss wrote:



Which is similar to a global zone's hierarchy and gives me a local user which 
is not root.



I did try to create the export filesystem as child of nas/zones/zone1 but I 
can't, I get a permission denied error.


Now, just to be sure, am I the only one who tries/wants to proceed like this?


I've found several examples related to Solaris 11 where the global zone's 
/export/home is imported via zonecfg inside the local zone, but I'm still 
unable to find an example where export/home is created inside a local zone's 
root fs.



Normally one tries really hard to avoid putting any actual data in the 
zone since this becomes dead weight (or baggage) whenever the zone is 
cloned and going back to an earlier snapshot reverts both the zone 
root and the data.  Instead you have the zone do a loopback mount of a 
directory in the global zone, and apparently one can also do a zfs 
mount of a filesystem if that is desired.  For security reasons, zones 
are not normally allowed to do their own mounts (requires a filesystem 
mount privilege).



This is the zone definition I used such that the zone 'base' mounts 
'zonelogs/base' in the external zone:


create -b
set zonepath=/zones/base
set brand=ipkg
set autoboot=true
set limitpriv=default
set ip-type=exclusive
add fs
set dir=/logs
set special=/zonelogs/base
set type=lofs
add options rw
add options nodevices
end
add net
set physical=base0
end


and here is one where data ('/ftp') is mounted, and logs 
('/zonelogs/ftp') are mounted:


create -b
set zonepath=/zones/ftp
set brand=ipkg
set autoboot=true
set limitpriv=default
set ip-type=exclusive
add fs
set dir=/ftp
set special=/ftp
set type=lofs
add options rw
add options nodevices
end
add fs
set dir=/logs
set special=/zonelogs/ftp
set type=lofs
add options rw
add options nodevices
end
add net
set physical=ftp0
end


These are from OmniOS, but OpenIndiana should be similar (the brand 
may be different).


Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

_______________________________________________
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss






















					Reply via email to