Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: March 2019
 
 

How to Loopback Mount a File That Is Usually Not Visible in a Labeled Zone

This procedure enables a user in a specified labeled zone to view files that are not exported from the global zone by default.

Before You Begin

You must be in the System Administrator role in the global zone.

  1. Halt the zone whose configuration you want to change.
    # zoneadm -z zone-name halt
  2. Loopback mount a file or directory.

    For example, enable ordinary users to view a file in the /etc directory.

    # zonecfg -z zone-name
    add filesystem
    set special=/etc/filename
    set directory=/etc/filename
    set type=lofs
    add options [ro,nodevices,nosetuid]
    end
    exit
  3. Start the zone.
    # zoneadm -z zone-name boot
Example 18  Loopback Mounting the /etc/passwd file

In this example, the security administrator enables testers and programmers to check that their local passwords are set. After the sandbox zone is halted, it is configured to loopback mount the passwd file. After the zone is restarted, regular users can view the entries in the passwd file.

# zoneadm -z sandbox halt
# zonecfg -z sandbox
add filesystem
set special=/etc/passwd
set directory=/etc/passwd
set type=lofs
add options [ro,nodevices,nosetuid]
end
exit
# zoneadm -z sandbox boot