This procedure enables a user in a specified labeled zone to view files that are not exported from the global zone by default.
Before You Begin
You must be in the System Administrator role in the global zone.
# zoneadm -z zone-name halt
For example, enable ordinary users to view a file in the /etc directory.
# zonecfg -z zone-name add filesystem set special=/etc/filename set directory=/etc/filename set type=lofs add options [ro,nodevices,nosetuid] end exit
# zoneadm -z zone-name boot
In this example, the security administrator enables testers and programmers to check that their local passwords are set. After the sandbox zone is halted, it is configured to loopback mount the passwd file. After the zone is restarted, regular users can view the entries in the passwd file.
# zoneadm -z sandbox halt # zonecfg -z sandbox add filesystem set special=/etc/passwd set directory=/etc/passwd set type=lofs add options [ro,nodevices,nosetuid] end exit # zoneadm -z sandbox boot