In Trusted Extensions, a labeled zone manages the mounting of files in its zone. File systems from unlabeled and labeled hosts can be mounted on a Trusted Extensions labeled system. The system must have a route to the file server at the label of the mounting zone.
To mount the files read-write from a single-label host, the assigned label of the remote host must match the label of the mounting zone. Two remote host configurations are possible.
The untrusted remote host is assigned the same label as the mounting zone.
The trusted remote host is a multilevel server that includes the label of the mounting zone.
File systems that are mounted by a higher-level zone are read-only.
In Trusted Extensions, the auto_home configuration file is customized per zone. The file is named by zone name. For example, a system with a global zone and a public zone has two auto_home files, auto_home_global and auto_home_public.
Trusted Extensions uses the same mounting interfaces as Oracle Solaris:
By default, file systems are mounted at boot.
To mount file systems dynamically, use the mount command in the labeled zone.
To automount home directories, use the auto_home_zone-name files.
To automount other directories, use the standard automount maps.
Before You Begin
You must be on the client system, in the zone at the label of the files that you want to mount. Verify that the file system that you want to mount is shared. Unless you are using the automounter, you must be assigned the File System Management rights profile. To mount from lower-level servers, the zone on this client must be configured with the net_mac_aware privilege.
Most procedures include creating a workspace at a particular label. To create a workspace, see How to Add a Workspace at Your Minimum Label in Trusted Extensions User’s Guide.
In the labeled zone, use the mount command.