Options for using zfs in local zones, Nfs and local zones, Volume manager in local zones – Sun Microsystems SOLARIS 10 User Manual

Version 3.1-en

Solaris 10 Container Guide - 3.1 4. Best Practices

Effective: 30/11/2009

4.1.6.6. Options for using ZFS in local zones
[hes] Depending on how ZFS is configured for a zone, different options are available for using ZFS within that zone.

| ZFS operation in a local zone | Allocation of an individual ZFS within a zone, legacy mount | Adding of a ZFS dataset to a zone / Creation of a ZFS in the local zone | Adding of a ZFS volume dataset to a zone | Using of a ZFS filesystem via lofs |
|---|---|---|---|---|
| umount | no | yes | yes | no |
| destroy | no | yes | no | no |
| create snapshot | no | yes | no | no |
| zfs set | no | yes | no | no |
| ZFS mount visible in global zone | no | no | no | yes |

Table 4: [hes] Options for using ZFS in local zones
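
As an added example (not taken from the guide), the shell function below emits the zonecfg stanza for each of the four configurations named in the columns of Table 4. The mapping of the columns to `fs`, `dataset` and `device` resources is this example's reading of the column titles, and all pool, dataset, directory and zone names are constructed.

```shell
#!/bin/sh
# Added example: print the zonecfg(1M) stanza for one ZFS option from Table 4.
# Run in the global zone; names such as tank/data or zone1 are constructed.
#
# usage: zone_zfs_stanza MODE SOURCE [DIR]
#   legacy   SOURCE = dataset with mountpoint=legacy, DIR = mount point in zone
#   dataset  SOURCE = dataset delegated to the zone (the only column in
#            Table 4 that allows destroy, snapshot and "zfs set" in the zone)
#   volume   SOURCE = ZFS volume, handed to the zone as a device
#   lofs     SOURCE = global-zone path of a mounted ZFS, DIR = mount point
#            in zone (the only column where the mount is visible globally)
#
# Apply with, for example:
#   zone_zfs_stanza dataset tank/zone1 > /tmp/zfs.cfg
#   zonecfg -z zone1 -f /tmp/zfs.cfg
zone_zfs_stanza() {
    mode=$1 src=$2 dir=$3
    case $mode in
    legacy|lofs)
        # Both are "fs" resources and need a mount point inside the zone.
        [ -n "$src" ] && [ -n "$dir" ] || return 2
        if [ "$mode" = lofs ]; then
            # lofs loops back a global-zone directory, so SOURCE must be
            # an absolute path, not a dataset name.
            case $src in /*) ;; *) return 2 ;; esac
            fstype=lofs
        else
            fstype=zfs
        fi
        printf 'add fs\nset dir=%s\nset special=%s\nset type=%s\nend\n' \
            "$dir" "$src" "$fstype"
        ;;
    dataset)
        [ -n "$src" ] || return 2
        printf 'add dataset\nset name=%s\nend\n' "$src"
        ;;
    volume)
        [ -n "$src" ] || return 2
        printf 'add device\nset match=/dev/zvol/dsk/%s\nend\n' "$src"
        ;;
    *)
        return 2    # unknown mode
        ;;
    esac
}
```

For the legacy variant the dataset must first be given `mountpoint=legacy` in the global zone (`zfs set mountpoint=legacy tank/data`), otherwise the zone cannot mount it.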

4.1.6.7. NFS and local zones

[ug] The use of zones does not change anything in the global zone with respect to NFS. A local zone
can mount file systems from NFS servers. The following restrictions must be observed:

A local zone cannot be used as a Solaris NFS server, that is, it cannot serve any file systems
itself since the NFS service runs in the kernel and cannot yet run in a local zone.

With a userland NFS server (e.g. Sourceforge.net: unfs3, not delivered with Solaris) a zone can
be used as an NFS server.

A local zone should not mount a file system from its global zone. This appears to work
because the mount itself succeeds, but loss of data can occur (bug 5065254).

4.1.6.8. Volume manager in local zones
[ug] One frequently asked question is how to use a volume manager in a local zone. Unfortunately,
this is not possible.

On the one hand, a volume manager such as the Solaris Volume Manager (SVM) or the Veritas
Volume Manager (VxVM) needs drivers that cannot be loaded separately in a local zone.
On the other hand, a volume manager creates device nodes in /dev which are used to access the
volumes that have been created. It is not possible to create a device node inside a local zone,
since this would represent a security hole. If a zone were able to create arbitrary device nodes, a
zone administrator could create a device node for a disk that is not assigned to the zone and would
thereby gain read or write access to that data.

That is why the creation of device nodes within a local zone is forbidden by restricting privileges for
system calls inside a local zone. However, a volume manager needs these functions and therefore
cannot operate within a local zone.
