Bug #1784

closed

zone configuration passes zonecfg but not zoneadm for limitpriv property

Added by Eric Sproul almost 11 years ago. Updated over 8 years ago.

Status: Closed
Priority: Normal
Category: -
Start date: 2011-11-16
Due date: 2014-05-05
% Done: 100%
Estimated time:
Difficulty: Medium
Tags: needs-triage
Gerrit CR:
External Bug:

Description

I committed a configuration for a zone that passed 'verify' within zonecfg but on boot, failed to verify with zoneadm.

Existing zone config:

# zonecfg -z foo 
zonecfg:foo> export
create -b
set zonepath=/data/zones/foo
set brand=ipkg
set autoboot=true
set limitpriv=default,dtrace_proc,dtrace_user
set ip-type=exclusive
add net
set physical=foo0
end
add dataset
set name=data/set/foo
end

Updated config changed limitpriv:

zonecfg:foo> set limitpriv=default,dtrace_proc,dtrace_user,sys_net_config
zonecfg:foo> verify
zonecfg:foo> commit
zonecfg:foo>

Upon boot:

# zoneadm -z foo boot
privilege "sys_net_config" is not permitted within the zone's privilege set
zoneadm: zone foo failed to verify

It turns out that I don't need this privilege anyway, but I would expect zonecfg to squeal about this when I asked it to verify the config.
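
A pre-boot check for the mismatch described in this report, as an added example that is not part of the original report or of illumos: it reads `zonecfg export` output and flags `limitpriv` entries that appear in a prohibited list. The function names, the sample export and the `PROHIBITED` list are assumptions; only `sys_net_config` is taken from the zoneadm error above, and the real list depends on the zone's brand and ip-type.

```shell
#!/bin/sh
# Space-separated privileges a zone may not hold. Assumption for this sketch:
# only sys_net_config is known from the report; extend it for your brand.
PROHIBITED="${PROHIBITED:-sys_net_config}"

# Constructed sample, modelled on the export shown in the report.
SAMPLE_EXPORT='create -b
set zonepath=/data/zones/foo
set brand=ipkg
set limitpriv=default,dtrace_proc,dtrace_user,sys_net_config
set ip-type=exclusive'

# limitpriv_of: read `zonecfg export` text on stdin, print the limitpriv value.
limitpriv_of() {
    sed -n 's/^set limitpriv=//p' | tr -d '"' | tail -n 1
}

# prohibited_in: print every privilege in the comma-separated list $1 that is
# in $PROHIBITED. "default" and tokens prefixed with "!" or "-" (removals)
# never add a prohibited privilege, so they are skipped.
prohibited_in() {
    old_ifs=$IFS
    IFS=,
    set -f                      # no globbing while splitting on commas
    for tok in $1; do
        case $tok in
            default|'!'*|-*) continue ;;
        esac
        case " $PROHIBITED " in
            *" $tok "*) printf '%s\n' "$tok" ;;
        esac
    done
    set +f
    IFS=$old_ifs
}

# check_limitpriv: export text on stdin; returns 1 and names the offending
# privileges on stderr if any are prohibited, 0 otherwise.
check_limitpriv() {
    found=$(prohibited_in "$(limitpriv_of)")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found" | sed 's/^/prohibited in limitpriv: /' >&2
    return 1
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_EXPORT" | check_limitpriv || echo "fix limitpriv before boot"
```

On a live system the input would come from `zonecfg -z foo export` piped into `check_limitpriv`, run before `zoneadm -z foo boot`.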

Actions #1

Updated by Eric Sproul almost 11 years ago

Forgot to mention: this is on an OI 151 system.

Actions #2

Updated by Rich Lowe almost 11 years ago

  • Project changed from site to illumos gate
Actions #3

Updated by Alexander Eremin over 8 years ago

  • Subject changed from Zone configuration passes zonecfg but not zoneadm to zone configuration passes zonecfg but not zoneadm for limitpriv property
  • Status changed from New to In Progress
  • Assignee set to Alexander Eremin
  • % Done changed from 0 to 20
Actions #4

Updated by Alexander Eremin over 8 years ago

  • Due date set to 2014-05-05
  • Status changed from In Progress to Pending RTI
  • % Done changed from 20 to 100
Actions #5

Updated by Electric Monk over 8 years ago

  • Status changed from Pending RTI to Closed

git commit f93d2c191d5ef071436181338612f79b8daa751c

commit  f93d2c191d5ef071436181338612f79b8daa751c
Author: Alexander Eremin <a.eremin@nexenta.com>
Date:   2014-05-05T16:45:47.000Z

    1784 zone configuration passes zonecfg but not zoneadm for limitpriv property
    Reviewed by: Andrew Stormont <AStormont@racktopsystems.com>
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
    Approved by: Gordon Ross <gwr@nexenta.com>
