Traversing File Systems - Creating and Using Oracle® Solaris Zones

Creating and Using Oracle^® Solaris Zones

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Creating and Using Oracle^® ... » About Oracle Solaris Zones Administration » File Systems and Non-Global Zones » Traversing File Systems

Updated: May 2015

Creating and Using Oracle^® Solaris Zones

Document Information

Using This Documentation

Chapter 1 How to Plan and Configure Non-Global Zones

Chapter 2 About Installing, Shutting Down, Halting, Uninstalling, and Cloning Non-Global Zones

Chapter 3 Installing, Booting, Shutting Down, Halting, Uninstalling, and Cloning Non-Global Zones

Chapter 6 Live Zone Reconfiguration

Chapter 7 About Zone Migrations and the zonep2vchk Tool

Chapter 8 Migrating Oracle Solaris Systems and Migrating Non-Global Zones

Chapter 9 About Automatic Installation and Packages on an Oracle Solaris 11.2 System With Zones Installed

Chapter 10 About Oracle Solaris Zones Administration

Global Zone Visibility and Access

Process ID Visibility in Zones

System Observability in Zones

Reporting Active Zone Statistics with the zonestat Utility

Monitoring Non-Global Zones Using the fsstat Utility

Non-Global Zone Node Name

Running an NFS Server in a Zone

File Systems and Non-Global Zones

The o nosuid Option

Mounting File Systems in Zones

Unmounting File Systems in Zones

Security Restrictions and File System Behavior

Non-Global Zones as NFS Clients

Use of mknod Prohibited in a Zone

Traversing File Systems

Restriction on Accessing A Non-Global Zone From the Global Zone

Networking in Shared-IP Non-Global Zones

Shared-IP Zone Partitioning

Shared-IP Network Interfaces

IP Traffic Between Shared-IP Zones on the Same Machine

Oracle Solaris IP Filter in Shared-IP Zones

IP Network Multipathing in Shared-IP Zones

Networking in Exclusive-IP Non-Global Zones

Exclusive-IP Zone Partitioning

Exclusive-IP Data-Link Interfaces

IP Traffic Between Exclusive-IP Zones on the Same Machine

Oracle Solaris IP Filter in Exclusive-IP Zones

IP Network Multipathing in Exclusive-IP Zones

Device Use in Non-Global Zones

/dev and the /devices Namespace

Exclusive-Use Devices

Device Driver Administration

Utilities That Do Not Work or Are Modified in Non-Global Zones

Running Applications in Non-Global Zones

Resource Controls Used in Non-Global Zones

Fair Share Scheduler on a System With Zones Installed

FSS Share Division in a Global or Non-Global Zone

Share Balance Between Zones

Extended Accounting on a System With Zones Installed

Privileges in a Non-Global Zone

Using IP Security Architecture in Zones

IP Security Architecture in Shared-IP Zones

IP Security Architecture in Exclusive-IP Zones

Using Oracle Solaris Auditing in Zones

Core Files in Zones

Running DTrace in a Non-Global Zone

About Backing Up an Oracle Solaris System With Zones Installed

Backing Up Loopback File System Directories

Backing Up Your System From the Global Zone

Backing Up Individual Non-Global Zones on Your System

Creating Oracle Solaris ZFS Backups

Determining What to Back Up in Non-Global Zones

Backing Up Application Data Only

General Database Backup Operations

About Restoring Non-Global Zones

Commands Used on a System With Zones Installed

Chapter 11 Administering Oracle Solaris Zones

Chapter 12 Configuring and Administering Immutable Zones

Chapter 13 Troubleshooting Miscellaneous Oracle Solaris Zones Problems

Chapter 14 Getting Started With Oracle Solaris Zones on Shared Storage

Language:

Traversing File Systems

A zone's file system namespace is a subset of the namespace accessible from the global zone. Unprivileged processes in the global zone are prevented from traversing a non-global zone's file system hierarchy through the following means:

Specifying that the zone root's parent directory is owned, readable, writable, and executable by root only
Restricting access to directories exported by /proc

Note that attempting to access AutoFS nodes mounted for another zone will fail. The global administrator must not have auto maps that descend into other zones.

Copyright © 2004, 2015, Oracle and/or its affiliates. All rights reserved. Legal Notices