How to Troubleshoot Mount Failures in Trusted Extensions

Before You Begin

You must be in the zone at the label of the files that you want to mount. You must be the superuser, or in the System Administrator role.

1. Check the security attributes of the NFS server.

   Use the Security Templates tool in the Solaris Management Console at the appropriate scope. For details, see Initialize the Solaris Management Console Server in Trusted Extensions in Oracle Solaris Trusted Extensions Configuration Guide.

   1. Verify that the IP address of the NFS server is an assigned host in one of the security templates.

      The address might be directly assigned, or indirectly assigned through a wildcard mechanism. The address can be in a labeled template, or in an unlabeled template.

   2. Check the label that the template assigns to the NFS server.

      The label must be consistent with the label at which you are trying to mount the files.

2. Check the label of the current zone.

   If the label is higher than the label of the mounted file system, then you cannot write to the mount even if the remote file system is exported with read/write permissions. You can only write to the mounted file system at the label of the mount.

3. To mount file systems from an NFS server that is running earlier versions of Trusted Solaris software, do the following:

   • For a Trusted Solaris 1 NFS server, use the vers=2 and proto=udp options to the mount command.

   • For a Trusted Solaris 2.5.1 NFS server, use the vers=2 and proto=udp options to the mount command.

   • For a Trusted Solaris 8 NFS server, use the vers=3 and proto=udp options to the mount command.

   To mount file systems from any of these servers, the server must be assigned to an unlabeled template.