HELP: Is this potential security issue for SCSI devices only?
Q: How can I add a filesystem to an existing zone?
3. Export the device associated with the disk partition to the non-global zone, create the filesystem in the non-global zone and mount it (has potential security issues)
To my understanding, the security issue is with associating SCSI devices with the zones. How about associating other devices, like meta /dev/md/dsk (indirectly SCSI devices) or fibre devices?
[425 byte] By [yjfan] at [2007-11-26 6:49:38]

# 1
Per what I've found (limited research) -- you cannot export Metadevices to local zones. You could however export native slices (/dev/dsk/c1t0d0s4, /dev/rdsk/<ditto>) to the local zone and then mkfs/newfs your filesystem.
In order to mount a metadevice exclusively in a local zone -- do the following:
(/) # zonecfg -z z1
zonecfg:z1> info
zonepath: /zones/z1
autoboot: true
pool:
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
inherit-pkg-dir:
        dir: /opt
fs:
        dir: /build
        special: /dev/md/dsk/d43
        raw: /dev/md/rdsk/d43
        type: ufs
        options: []
net:
        address: 192.168.1.2
        physical: eri0
zonecfg:z1>
Meaning -- you have to create the metadevice in the global zone and newfs/mkfs it there. After that, you can export the UFS filesystem and associated block and raw metadevices to the local zone. When you reboot your local zone, it'll bring up the new filesystem automagically...
There are several HOWTO docs out there that walk you through using various methods of adding "filesystems" to a local zone.
Message was edited by:
implicate_order
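
An added example, not part of the thread: a shell/awk check for the global zone that separates the two approaches discussed above in a zone's configuration, fs resources mounted by the global zone versus device nodes exported into the zone. The sample `zonecfg info` text is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `zonecfg -z <zone> info` output (not from the thread):
# one fs resource like the one in the answer, plus one exported raw slice.
sample_info() {
cat <<'EOF'
zonepath: /zones/z1
autoboot: true
fs:
        dir: /build
        special: /dev/md/dsk/d43
        raw: /dev/md/rdsk/d43
        type: ufs
        options: []
device
        match: /dev/rdsk/c1t0d0s4
net:
        address: 192.168.1.2
        physical: eri0
EOF
}

# audit_zone_storage (hypothetical name): read `zonecfg info` text on stdin
# and print one line per storage resource:
#   FS <dir> <special>   filesystem mounted for the zone by the global zone
#   DEVICE <match>       device node visible inside the zone (review these)
audit_zone_storage() {
  awk '
    function emit_fs() {
      if (res == "fs" && dir != "") print "FS", dir, special
      dir = ""; special = ""
    }
    /^[^ \t]/ {                     # an unindented line starts a new resource
      emit_fs()
      res = $1; sub(/:$/, "", res)  # accept the header with or without a colon
      next
    }
    res == "fs" && $1 == "dir:"       { dir = $2 }
    res == "fs" && $1 == "special:"   { special = $2 }
    res == "device" && $1 == "match:" { print "DEVICE", $2 }
    END { emit_fs() }
  '
}

# count_exported_devices (hypothetical name): number of device resources.
count_exported_devices() {
  audit_zone_storage | grep -c '^DEVICE ' || true
}

sample_info | audit_zone_storage
```

On a live system, pipe `zonecfg -z z1 info` into `audit_zone_storage` in place of the sample.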