Trusted Extensions Configuration and Administration

Updated: December 2017
 
 

How to Share File Systems From a Labeled Zone

To mount or share directories that originate in labeled zones, set the appropriate ZFS share properties on the file system. Then, restart the zone to share the labeled directories.


Caution - Do not use proprietary names for shared file systems. The names of shared file systems are visible to every user.


Before You Begin

You must be assigned the ZFS File System Management rights profile.

  1. Create a workspace at the label of the file system that is going to be shared.

    For details, see How to Add a Workspace at Your Minimum Label in Trusted Extensions User’s Guide.

  2. In the zone, create the file system.
    # zfs create rpool/wdocs1
  3. Share the file system by setting ZFS share properties.

    For example, the following set of commands shares a documentation file system for writers. The file system is shared read-write so that writers can modify their documents on this server. setuid programs are disallowed.

    # zfs set share=name=wdocs1,path=/wdocs1,prot=nfs,setuid=off,
    exec=off,devices=off rpool/wdocs1
    # zfs set sharenfs=on rpool/wdocs1

    The command line is wrapped for display purposes.

  4. For each zone, share the directories by starting the zone.

    In the global zone, run one of the following commands for each zone. Each zone can share its file systems in any of these ways. The actual sharing occurs when each zone is brought into the ready or running state.

    • If the zone is not in the running state and you do not want users to log in to the server at the label of the zone, set the zone state to ready.
      # zoneadm -z zone-name ready
    • If the zone is not in the running state and users are allowed to log in to the server at the label of the zone, boot the zone.
      # zoneadm -z zone-name boot
    • If the zone is already running, reboot the zone.
      # zoneadm -z zone-name reboot
  5. Display the file systems that are shared from your system.

    In the root role in the global zone, run the following command:

    # zfs get all rpool

    For more information, see Querying ZFS File System Information in Managing ZFS File Systems in Oracle Solaris 11.3.

  6. To enable the client to mount the shared file system, see How to NFS Mount Files in a Labeled Zone.

Example 27  Sharing the /export/share File System at the PUBLIC Label

For applications that run at the label PUBLIC, the system administrator enables users to read the documentation in the /export/reference file system of the public zone.

First, the administrator changes the workspace label to public workspace and opens a terminal window. In the window, the administrator sets selected share properties on the /reference file system. The following command is wrapped for display purposes.

# zfs set share=name=reference,path=/reference,prot=nfs,
setuid=off,exec=off,devices=off,rdonly=on rpool/reference

Then, the administrator shares the file system.

# zfs set sharenfs=on rpool/reference

The administrator leaves the public workspace and returns to the Trusted Path workspace. Because users are not allowed to log in to this file server, the administrator shares the file system by putting the zone in the ready state:

# zoneadm -z public ready

Users can access the shared file system once it is mounted on the users' systems.
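
A pre-flight check for the share values used in the procedure and in Example 27, as an added example that is not part of the original page: it parses the comma-separated value and reports any of setuid, exec, or devices that is not off. The function name check_share_spec and its messages are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Option names come from the
# commands on this page; check_share_spec and its messages are assumptions.

# Usage: check_share_spec 'name=...,path=...,prot=nfs,...'
# Prints one finding per line. Returns 0 if there are none, 1 otherwise.
check_share_spec() {
    name= path= prot= setuid= exec_opt= devices= rc=0
    # The page wraps the command for display; a pasted line break or space
    # would split the value into separate shell words.
    case $1 in
        *[[:space:]]*) echo "whitespace in share value"; return 1 ;;
    esac
    set -f                          # no globbing while splitting on commas
    old_ifs=$IFS; IFS=,
    for kv in $1; do
        case $kv in
            name=*)    name=${kv#*=} ;;
            path=*)    path=${kv#*=} ;;
            prot=*)    prot=${kv#*=} ;;
            setuid=*)  setuid=${kv#*=} ;;
            exec=*)    exec_opt=${kv#*=} ;;
            devices=*) devices=${kv#*=} ;;
        esac                        # other options (e.g. rdonly) pass through
    done
    IFS=$old_ifs; set +f
    [ -n "$name" ] || { echo "name is missing"; rc=1; }
    case $path in
        /*) ;;
        *)  echo "path is not absolute"; rc=1 ;;
    esac
    [ "$prot" = nfs ]     || { echo "prot is not nfs"; rc=1; }
    [ "$setuid" = off ]   || { echo "setuid is not off"; rc=1; }
    [ "$exec_opt" = off ] || { echo "exec is not off"; rc=1; }
    [ "$devices" = off ]  || { echo "devices is not off"; rc=1; }
    return $rc
}

# Constructed inputs: the page's wdocs1 value, then a copy without exec=off.
check_share_spec 'name=wdocs1,path=/wdocs1,prot=nfs,setuid=off,exec=off,devices=off' \
    && echo "wdocs1: ok"
check_share_spec 'name=wdocs1,path=/wdocs1,prot=nfs,setuid=off,devices=off' \
    || echo "wdocs1 without exec=off: rejected"
```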