[OpenAFS] openafs in solaris10 containers

Douglas E. Engert deengert@anl.gov
Mon, 04 Dec 2006 09:02:14 -0600


Also note that with Solaris zones, PAGs are shared across zones. If a
process is not in a PAG it uses the UID for the user, and thus if two
zones use the same UID, the processes can use the same tokens. This may
be a security issue in the way you use the zone.


Tom Keiser wrote:

> On 12/3/06, Matthew Cocker <cockerm@gmail.com> wrote:
> 
>> Anyone running afs client in a solaris 10 container environment? I 
>> have seen
>> some references that you can not run afs in the "child containers" but 
>> you
>> have to run it from the "main container" (I may have the solaris terms
>> mixed). Is this correct?
>>
> 
> Many people are running afs and containers in production.  You need to
> run afsd in the global zone.  Use lofs mounts to import all or part of
> the afs namespace into the child zones. Importing all of /afs into a
> zone just requires the following zonecfg stanza:
> 
> add fs
> set type=lofs
> set dir=/afs
> set special=/afs
> end
> 
> Use set options as you like.
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444