[OpenIndiana-discuss] local zones and local users

Bob Friesenhahn bfriesen at simple.dallas.tx.us
Thu Nov 10 02:27:35 UTC 2016


On Wed, 9 Nov 2016, Maurilio Longo via openindiana-discuss wrote:
>
> Which is similar to a global zone's hierarchy and gives me a local user which 
> is not root.
>
> I did try to create the export filesystem as child of nas/zones/zone1 but I 
> can't, I get a permission denied error.
>
> Now, just to be sure, am I the only one who tries/wants to proceed like this?
>
> I've found several examples related to Solaris 11 where the global zone's 
> /export/home is imported via zonecfg inside the local zone, but I'm still 
> unable to find an example where export/home is created inside a local zone's 
> root fs.

Normally one tries really hard to avoid putting any actual data in the 
zone since this becomes dead weight (or baggage) whenever the zone is 
cloned and going back to an earlier snapshot reverts both the zone 
root and the data.  Instead you have the zone do a loopback mount of a 
directory in the global zone, and apparently one can also do a zfs 
mount of a filesystem if that is desired.  For security reasons, zones 
are not normally allowed to do their own mounts (requires a filesystem 
mount privilege).

This is the zone definition I used such that the zone 'base' mounts 
'zonelogs/base' in the external zone:

create -b
set zonepath=/zones/base
set brand=ipkg
set autoboot=true
set limitpriv=default
set ip-type=exclusive
add fs
set dir=/logs
set special=/zonelogs/base
set type=lofs
add options rw
add options nodevices
end
add net
set physical=base0
end

and here is one where data ('/ftp') is mounted, and logs 
('/zonelogs/ftp') are mounted:

create -b
set zonepath=/zones/ftp
set brand=ipkg
set autoboot=true
set limitpriv=default
set ip-type=exclusive
add fs
set dir=/ftp
set special=/ftp
set type=lofs
add options rw
add options nodevices
end
add fs
set dir=/logs
set special=/zonelogs/ftp
set type=lofs
add options rw
add options nodevices
end
add net
set physical=ftp0
end

These are from OmniOS, but OpenIndiana should be similar (the brand 
may be different).

Bob
-- 
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
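
Added example, not part of the original message: a short Python check that parses a zonecfg command file like the two above, lists each fs resource, and reports any that are mounted without the nodevices option. The sample input is constructed; the /scratch mount and the function names are hypothetical.

```python
# Added example: audit the fs resources in a zonecfg command file.
# SAMPLE is constructed: the /logs mount from the message, plus a
# hypothetical /scratch mount that omits nodevices to show a finding.
SAMPLE = """\
set zonepath=/zones/ftp
add fs
set dir=/logs
set special=/zonelogs/ftp
set type=lofs
add options [rw,nodevices]
end
add fs
set dir=/scratch
set special=/export/scratch
set type=lofs
add options rw
end
add net
set physical=ftp0
end
"""

def parse_fs(text):
    """Return one dict per top-level 'add fs' ... 'end' block."""
    resources, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if cur is None:
            if line.split() == ["add", "fs"]:
                cur = {"options": []}
        elif line == "end":
            resources.append(cur)
            cur = None
        elif line.startswith("set ") and "=" in line:
            key, value = line[4:].split("=", 1)
            cur[key.strip()] = value.strip()
        elif line.startswith("add options"):
            # zonecfg accepts a simple value or a [a,b] list here
            opts = line[len("add options"):].strip().strip("[]")
            cur["options"] += [o.strip() for o in opts.split(",") if o.strip()]
    return resources

def missing_nodevices(text):
    """Directories of fs resources mounted without the nodevices option."""
    return [fs["dir"] for fs in parse_fs(text) if "nodevices" not in fs["options"]]

if __name__ == "__main__":
    for fs in parse_fs(SAMPLE):
        print(fs["dir"], "<-", fs["special"], fs["type"], ",".join(fs["options"]))
    print("missing nodevices:", missing_nodevices(SAMPLE))
```

The same functions can be pointed at the text produced by `zonecfg -z <zone> export` to review an existing zone.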


