[OpenAFS] openafs in solaris10 containers
Douglas E. Engert
deengert@anl.gov
Mon, 04 Dec 2006 09:02:14 -0600
Also note that with Solaris zones, PAGs are shared across zones. If a
process is not in a PAG it uses the UID for the user, and thus if two
zones use the same UID, the processes can use the same tokens. This may
be a security issue in the way you use the zone.
Tom Keiser wrote:
> On 12/3/06, Matthew Cocker <cockerm@gmail.com> wrote:
>
>> Anyone running afs client in a solaris 10 container environment? I
>> have seen
>> some references that you can not run afs in the "child containers" but
>> you
>> have to run it from the "main container" (I may have the solaris terms
>> mixed). Is this correct?
>>
>
> Many people are running afs and containers in production. You need to
> run afsd in the global zone. Use lofs mounts to import all or part of
> the afs namespace into the child zones. Importing all of /afs into a
> zone just requires the following zonecfg stanza:
>
> add fs
> set type=lofs
> set dir=/afs
> set special=/afs
> end
>
> Use set options as you like.
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444