Sun Microsystems 10 manual Options for using ZFS in local zones, NFS and local zones

4.1.6.6. Options for using ZFS in local zones

[hes] Depending on the manner of configuration of ZFS in zones, there are different application options for ZFS in zones.

Table 4: [hes] Options for using ZFS in local zones

4.1.6.7. NFS and local zones

[ug] The use of zones does not change anything in the global zone with respect to NFS. A local zone can mount file systems from NFS servers. The following restrictions must be observed:

∙A local zone cannot be used as a Solaris NFS server, that is, it cannot serve any file systems itself since the NFS service runs in the kernel and cannot yet run in a local zone.

∙With a userland NFS server (e.g. Sourceforge.net: unfs3, not delivered with Solaris) a zone can be used as an NFS server.

∙A local zone should not mount a file system from its global zone. This seems to be possible since the mount is possible, but loss of data can occur (bug 5065254)

4.1.6.8. Volume manager in local zones

[ug] One frequently asked question is how to use a volume manager in a local zone. Unfortunately, this is not possible.

On the one hand, a volume manager such as the Solaris Volume Manager (SVM) or the Veritas Volume Manager (VxVM) needs drivers that cannot be loaded separately in a local zone. On the other hand, a volume manager creates device nodes in /dev which are used to access the volumes that have been created. It is not possible to create a device node inside of a local zone, since this would represent a security hole. If a zone would be able to create any device node, then a zone administrator could create a device node for a disk that is not assigned to the zone, and would have finally read- or write-access to that data.

That is why the creation of device nodes within a local zone is forbidden by restricting privileges for systemcalls inside a local zone. However, a volume manager needs these functions and can therefore not operate within a local zone.

40