How to Loopback Mount a File That Is Usually
Not Visible in a Labeled Zone
This procedure enables a user in a specified labeled zone to view files that are not exported from the global zone by default.
Before You Begin
You must be in the System Administrator role in the global zone.
-
Halt the zone whose configuration you want to change.
# zoneadm -z zone-name halt
-
Loopback mount a file or directory.
For example, enable ordinary users to view a file in the /etc directory.
# zonecfg -z zone-name add filesystem set special=/etc/filename set directory=/etc/filename set type=lofs add options [ro,nodevices,nosetuid] end exit
Note –Certain files are not used by the system, so that loopback mounting them has no effect. For example, the /etc/dfs/dfstab file in a labeled zone is not checked by Trusted Extensions software. For more information, see Sharing Files From a Labeled Zone.
-
Start the zone.
# zoneadm -z zone-name boot
Example 16–3 Loopback Mounting the /etc/passwd file
In this example, the security administrator wants to enable testers and programmers to check that their local passwords are set. After the sandbox zone is halted, it is configured to loopback mount the passwd file. Then, the zone is restarted.
# zoneadm -z sandbox halt
# zonecfg -z sandbox
add filesystem
set special=/etc/passwd
set directory=/etc/passwd
set type=lofs
add options [ro,nodevices,nosetuid]
end
exit
# zoneadm -z sandbox boot
|
- © 2010, Oracle Corporation and/or its affiliates