Non-Global Zones in Solaris 11.1 (Part – 3)

Continuing from the previous post (https://ervikrant06.wordpress.com/2014/06/15/solaris-11-1-non-global-zones-part-2/). This post explains the fixed-configuration profile. In fixed-configuration you get permission to create files in some directories under /var/ and anywhere in /tmp.

Step 1 : Check the current setting of the non-global zone. It is currently in the strict configuration.

root@solaris11:~# zoneadm list -p
0:global:running:/::solaris:shared:-:none
5:testzone1:running:/zones/testzone1:69260524-71af-4ca8-e2e1-eb22949f3f10:solaris:excl:R:strict

Step 2 : Change the file-mac-profile property to fixed-configuration and reboot the zone for the change to take effect.

root@solaris11:~# zonecfg -z testzone1 set file-mac-profile=fixed-configuration
root@solaris11:~# zoneadm -z testzone1 reboot

Step 3 : The output now reflects the change.

root@solaris11:~# zoneadm list -p
0:global:running:/::solaris:shared:-:none
6:testzone1:running:/zones/testzone1:69260524-71af-4ca8-e2e1-eb22949f3f10:solaris:excl:R:fixed-configuration

Step 4 : Now the verification part. In fixed-configuration we can create files in the /var and /tmp file systems, except in the configuration directories present under /var/.

Let's try to create a file in the /opt file system. We will not be able to do that.

root@testzone1:/var# cd /opt/

root@testzone1:/opt# touch file1
touch: cannot create file1: Read-only file system

In fixed-configuration we can create files in the /var and /tmp file systems, except in the configuration directories present under /var/.

root@testzone1:~# cd /var/

root@testzone1:/var# touch file1

root@testzone1:/opt# touch /tmp/file2

Let's try the same in a configuration directory. We are not able to do that.

root@testzone1:/opt# touch /var/ld/file1
touch: cannot create /var/ld/file1: Read-only file system

If we disable a service in the zone, the change will not persist across reboots. The service comes back up after the reboot.

root@testzone1:/opt# svcs -a | grep -i ssh

online 15:56:53 svc:/network/ssh:default

root@testzone1:/opt# svcadm disable ssh

root@testzone1:/opt# svcs -a | grep -i ssh
disabled 16:06:33 svc:/network/ssh:default

root@solaris11:~# zoneadm -z testzone1 reboot

root@solaris11:~# zlogin testzone1
[Connected to zone 'testzone1' pts/2]
Oracle Corporation SunOS 5.11 11.1 September 2012

root@testzone1:~# svcs -a | grep -i ssh
online 16:07:15 svc:/network/ssh:default
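
The last colon-separated field of the `zoneadm list -p` lines in Steps 1 and 3 is the zone's file-mac-profile, so the same output can be used from the global zone to find zones that are still running without one. The script below is an added example, not part of the original post; the zone devzone, its UUID and its path are constructed sample data, and the field layout is assumed from the lines shown above.

```shell
#!/bin/sh
# Added example: audit file-mac-profile from `zoneadm list -p` output.
# Field layout assumed from the sample lines on this page:
#   id:name:state:zonepath:uuid:brand:ip-type:r/w:file-mac-profile
AWK=${AWK:-awk}   # override if the default awk rejects the syntax below

# Constructed sample input: two lines taken from this page plus one
# made-up zone (devzone) with no profile and an escaped colon in its path.
sample_listing() {
    cat <<'EOF'
0:global:running:/::solaris:shared:-:none
6:testzone1:running:/zones/testzone1:69260524-71af-4ca8-e2e1-eb22949f3f10:solaris:excl:R:fixed-configuration
3:devzone:running:/zones/dev\:zone:11111111-2222-3333-4444-555555555555:solaris:excl:-:none
EOF
}

# Print "name state r/w profile" for every non-global zone on stdin.
# The last two fields are counted from the end of the line, so a colon
# inside zonepath cannot shift the profile column.
zone_profiles() {
    "$AWK" -F: '$2 != "global" && NF >= 9 {
        print $2, $3, $(NF-1), $NF
    }'
}

# Print the names of non-global zones whose profile is "none" or empty.
# Exit status is 1 if at least one such zone was found, 0 otherwise.
writable_zones() {
    zone_profiles | "$AWK" '
        $4 == "none" || $4 == "" { print $1; bad = 1 }
        END { exit bad + 0 }'
}

# Demo on the constructed sample; on a real host, pipe in the command
# from Step 1 instead:  zoneadm list -p | writable_zones
sample_listing | zone_profiles
```
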

 

 
