Monday Jul 07, 2008

Updated Laptop Configuration Instructions

The Laptop Instructions for Trusted Extensions have been revised to focus on the latest updates of Solaris 10 and Nevada. In Solaris 10 update 5 and Nevada, there is no longer a separate installation step, since Trusted Extensions is enabled as an SMF service. However, there are still some significant differences with respect to configuring a laptop using DHCP. The new instructions take advantage of the Network Auto-Magic project (NWAM). Included in the instructions is a tarball of shell scripts for specifying label-related behavior of the dynamically assigned address. These scripts conditionally assign the appropriate default network template, public or internal, based on the domain name returned by the DHCP server. For example, in my case, if the domain is sun.com, then the default template is internal. You can edit the INTERNAL_DOMAIN variable in the check-configuration file to specify your own internal domain.
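As an added illustration, not code from the tx-nwam tarball, here is a POSIX sh function that makes the template decision described above. INTERNAL_DOMAIN is the page's own variable; the function names and the dhcpinfo call are assumptions. It matches on a label boundary, so a lookalike domain such as notsun.com never selects the internal template, and it falls back to public when DHCP returns no domain at all.

```shell
#!/bin/sh
# Added example (not the tarball's check-configuration script): pick the
# default network template for a DHCP-assigned address from the DNS
# domain the DHCP server handed out.

# Same role as the INTERNAL_DOMAIN variable in check-configuration.
INTERNAL_DOMAIN="${INTERNAL_DOMAIN:-sun.com}"

# Assumed helper: read the DHCP DNS domain option for interface $1 with
# dhcpinfo(1); empty output if the interface has no DHCP lease.
dhcp_domain() {
    dhcpinfo -i "$1" DNSdmain 2>/dev/null || printf ''
}

# Print "internal" when DOMAIN is INTERNAL_DOMAIN or a subdomain of it,
# otherwise "public". Comparison is case-insensitive and ignores a
# trailing dot (FQDN form). The "*.<internal>" pattern requires a real
# label boundary, so "notsun.com" and "sun.com.example" stay public,
# and an empty domain (no DHCP answer) also stays public.
select_template() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    internal=$(printf '%s' "$INTERNAL_DOMAIN" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    case "$domain" in
        "") echo public ;;
        "$internal"|*."$internal") echo internal ;;
        *) echo public ;;
    esac
}

# Typical use from an NWAM hook, with the interface name in $1:
#   template=$(select_template "$(dhcp_domain "$1")")
```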

These NWAM scripts also manage an additional logical interface on top of the physical interface that is currently in use. It is only visible in the global zone, to support NFS file sharing, and is therefore called mynfs. To avoid conflicts with network-assigned addresses, I used a private address of 127.0.0.2 for mynfs, and used the all-zones DHCP-assigned address to route NFS requests from labeled zones into the global zone.

I prefer using an NFS server on my laptop instead of relying on the cross-zone LOFS mounts of /export/home that are automatically created when zones are booted. The LOFS mechanism occasionally gets out of sync with the automount daemon, depending on the order in which the zones are booted. Furthermore, the NFS mechanism is more configurable and demonstrates some commonly misunderstood features of Trusted Extensions.

Instead of separate instances of /etc/dfs/dfstab for each zone, I am using the sharemgr tool. I created a sharemgr group for each zone, e.g.

# sharemgr create public

# sharemgr add /zone/public/root/export/home public

The actual sharing occurs when the zone is booted. There are two shell scripts in /usr/lib/zones that are called when zones are either booted or halted. I modified zoneshare to call

sharemgr enable $zonename

and similarly, I modified zoneunshare to call

sharemgr disable $zonename

Then I modified the file /etc/auto_home_public in each of the higher-level zones, as follows:

*       mynfs:/zone/public/root/export/home/&

This works well for me unless my network connection changes while the NFS mount is active. That's because the underlying logical interface for mynfs is unplumbed and moved to a new logical interface when I switch between wired and wireless.

Comments:

Hi Glenn,

I assume the tx-nwam.tar tarball (http://www.opensolaris.org/os/community/security/projects/tx/tx-laptop-install/tx-nwam.tar) gets untarred into /etc/nwam, right?

# (cd /etc/nwam; tar xvf /tmp/tx-nwam.tar)

-Christoph

Posted by Christoph Schuba on January 09, 2009 at 08:08 AM PST #
