This procedure enables a user in a specified labeled zone to view files that are not exported from the global zone by default.
You must be in the System Administrator role in the global zone.
Halt the zone whose configuration you want to change.
# zoneadm -z zone-name halt |
Loopback mount a file or directory.
For example, enable ordinary users to view a file in the /etc directory.
# zonecfg -z zone-name add filesystem set special=/etc/filename set directory=/etc/filename set type=lofs add options [ro,nodevices,nosetuid] end exit |
Certain files are not used by the system, so that loopback mounting them has no effect. For example, the /etc/dfs/dfstab file in a labeled zone is not checked by Trusted Extensions software. For more information, see Sharing Files From a Labeled Zone.
Start the zone.
# zoneadm -z zone-name boot |
In this example, the security administrator wants to enable testers and programmers to check that their local passwords are set. After the sandbox zone is halted, it is configured to loopback mount the passwd file. Then, the zone is restarted.
# zoneadm -z sandbox halt # zonecfg -z sandbox add filesystem set special=/etc/passwd set directory=/etc/passwd set type=lofs add options [ro,nodevices,nosetuid] end exit # zoneadm -z sandbox boot |