Hi,
when I delegate the zfs roles to a user, the user can create a snapshot of a zfs
filesystem, but cannot snapshot a zone contained in that filesystem.
The output is:
$  /usr/sbin/zfs snapshot tank/zones/dashboardbuild/ROOT/z...@1install
cannot create snapshot 'tank/zones/dashboardbuild/ROOT/z...@1install': permission denied

The root user can create the snapshot just fine.
This is with OSOL b132/amd64

Am I doing something wrong?

TIA

full session log follows:
# cat /tank/zones/dashboardbuild.cfg
create -b
set zonepath=/tank/zones/dashboardbuild
set autoboot=true
add net
set address=10.10.2.43
set physical=e1000g0
end
add fs
set dir=/home
set special=/export/home
set type=lofs
end


# zfs create tank/zones/dashboardbuild
# chmod 700 /tank/zones/dashboardbuild
# zonecfg -z dashboardbuild -f /tank/zones/dashboardbuild.cfg
# zoneadm -z dashboardbuild install
   Publisher: Using opensolaris.org (http://pkg.opensolaris.org/dev/ ).
   Publisher: Using contrib.opensolaris.org (http://pkg.opensolaris.org/contrib/).
       Image: Preparing at /tank/zones/dashboardbuild/root.
       Cache: Using /var/pkg/download.
Sanity Check: Looking for 'entire' incorporation.
  Installing: Core System (output follows)




DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                43/43 12186/12186    84.7/84.7

PHASE                                        ACTIONS
Install Phase                            17622/17622
No updates necessary for this image.
  Installing: Additional Packages (output follows)


DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                37/37   3345/3345    21.8/21.8

PHASE                                        ACTIONS
Install Phase                              4519/4519

        Note: Man pages can be obtained by installing SUNWman
 Postinstall: Copying SMF seed repository ... done.
 Postinstall: Applying workarounds.
        Done: Installation completed in 543.818 seconds.

  Next Steps: Boot the zone, then log into the zone console (zlogin -C)
              to complete the configuration process.

# zfs list |grep dashboard
tank/zones/dashboardbuild             513M   397G    21K  /tank/zones/dashboardbuild
tank/zones/dashboardbuild/ROOT        513M   397G    19K  legacy
tank/zones/dashboardbuild/ROOT/zbe    513M   397G   513M  legacy

# zfs allow hajma snapshot,rollback,mount tank/zones/dashboardbuild
# zfs allow hajma snapshot,rollback,mount tank/zones/dashboardbuild/ROOT
# zfs allow hajma snapshot,rollback,mount tank/zones/dashboardbuild/ROOT/zbe

# zfs allow  tank/zones/dashboardbuild/ROOT/zbe
---- Permissions on tank/zones/dashboardbuild/ROOT/zbe ---------------
Local+Descendent permissions:
        user hajma mount,rollback,snapshot
---- Permissions on tank/zones/dashboardbuild/ROOT -------------------
Local+Descendent permissions:
        user hajma mount,rollback,snapshot
---- Permissions on tank/zones/dashboardbuild ------------------------
Local+Descendent permissions:
        user hajma mount,rollback,snapshot
#
-bash-4.0$  pfexec /usr/sbin/zfs snapshot tank/zones/dashboardbuild/ROOT/z...@1install
cannot create snapshot 'tank/zones/dashboardbuild/ROOT/z...@1install': permission denied
-bash-4.0$  pfexec /usr/sbin/zfs snapshot tank/zones/dashboardbu...@test
-bash-4.0$


This is what I see when I run the command in truss:

2116:   ioctl(3, ZFS_IOC_OBJSET_STATS, 0x08044930)      = 0
2116:   brk(0x080D4000)                                 = 0
2116:   ioctl(3, ZFS_IOC_POOL_STATS, 0x08043300)        = 0
2116:   brk(0x080E4000)                                 = 0
2116:   ioctl(3, ZFS_IOC_SNAPSHOT, 0x080462C0)          Err#1 EPERM [sys_mount]
2116:   fstat64(2, 0x08045260)
-- 
This message posted from opensolaris.org
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
