On Wed, Sep 10, 2008 at 8:58 AM, Jerry Jelinek <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
>> On Wed, Sep 10, 2008 at 12:55:53PM +0100, Lewis Thompson wrote:
>>> On Tue, 2008-09-09 at 09:04 -0400, Jeff Victor wrote:
>>>> The zonecfg man page has an example of the use of fs options:
>>>>
>>>> zonecfg:myzone3> add fs
>>>> zonecfg:myzone3:fs> set dir=/usr/local
>>>> zonecfg:myzone3:fs> set special=/opt/local
>>>> zonecfg:myzone3:fs> set type=lofs
>>>> zonecfg:myzone3:fs> add options [ro,nodevices]
>>>> zonecfg:myzone3:fs> end
>>>>
>>>> Have you attempted to specify the options using that syntax?
>>> Hi Jeff and Jerry
>>>
>>> Thank you, I was indeed using the wrong syntax and have added the
>>> options successfully now
>>>
>>> Thanks for fast response
>>
>> Could we please discuss why fs options specified in zone configuration are
>> better than just /etc/vfstab ?
>
> Using fs causes the mount to be managed/controlled by the global zone admin.
> Zones itself does the mount based on how the zone is configured.
>
> Using the zone's vfstab means you have to give device access to the zone,
> which also means that the zone has the ability to construct a bad file
> system on the device and panic the machine, so this is inherently less
> secure than using fs.
>
> However, sometimes you want to give device access to the zone, so both
> techniques are available, but it is generally preferred to use fs, since it
> is more constrained and secure than adding a device to the zone.

Also, there is one situation - not part of the original request - where the
use of /etc/vfstab is not only preferable, it's required: NFS mounts. If a
zone needs to mount an NFS share from a different system, the zone's
administrator must perform the mount, either manually - from within the
zone - or automatically, in the zone's /etc/vfstab.

--
--JeffV
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
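
An added example, not part of the original thread: a small audit of a zonecfg command file that reports `device` resources (the less constrained technique discussed above) and `fs` resources mounted without `nodevices`. The sample text is constructed from the syntax quoted in the thread, and the function names and the `nodevices` policy are assumptions made for illustration.

```python
import re

# Constructed sample: zonecfg commands in the syntax quoted in the thread.
SAMPLE = """\
add fs
set dir=/usr/local
set special=/opt/local
set type=lofs
add options [ro,nodevices]
end
add fs
set dir=/data
set special=/export/data
set type=lofs
end
add device
set match=/dev/dsk/c0t0d0s6
end
"""

def parse_resources(text):
    """Return a list of (resource_type, properties) from a zonecfg command file."""
    resources, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"add\s+(\S+)(?:\s+(.*))?$", line)
        if current is None:
            if m and not m.group(2):           # top-level "add fs" / "add device"
                current = (m.group(1), {"options": []})
        elif line == "end":
            resources.append(current)
            current = None
        elif m and m.group(1) == "options":    # "add options [ro,nodevices]"
            opts = (m.group(2) or "").strip("[] ")
            current[1]["options"] += [o.strip() for o in opts.split(",") if o.strip()]
        elif line.startswith("set ") and "=" in line:
            key, value = line[4:].split("=", 1)
            current[1][key.strip()] = value.strip()
    return resources

def audit(text):
    """Flag delegated devices, and fs mounts lacking nodevices (assumed policy)."""
    findings = []
    for rtype, props in parse_resources(text):
        if rtype == "device":
            findings.append(("device-delegated", props.get("match", "?")))
        elif rtype == "fs" and "nodevices" not in props["options"]:
            findings.append(("fs-without-nodevices", props.get("dir", "?")))
    return findings
```

Calling `audit(SAMPLE)` returns one finding for the `/data` mount and one for the delegated disk slice; the `/usr/local` mount from the man page example passes.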