I've been playing around with build 40 of Nevada, and when I was about to create a number of zones I recalled that we now can clone zones using zfs, so I gave that a shot.

I started out by creating my "master" zone:

# timex zoneadm -z master install
A ZFS file system has been created for this zone.
Preparing to install zone <master>.
Creating list of files to copy from the global zone.
Copying <2420> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <992> packages on the zone.
Initialized <992> packages on zone.
Zone <master> is initialized.
The file </zones/master/root/var/sadm/system/logs/install_log> contains
a log of the zone installation.

real       5:49.37
user         47.77
sys        2:16.05

One thing that I noticed was that since /zones is a zfs file system, zoneadm automatically created a /zones/master filesystem for me. Neat!

Now it was time to try out the clone feature:

# timex zoneadm -z private clone master
Cloning snapshot pool/zones/master@SUNWzone1
Instead of copying, a ZFS clone has been created for this zone.

real          0.98
user          0.20
sys           0.10

Yowsa! Less than a second to create a zone :)

Besides being very fast, it also saves space! About 56 kB before the zone is booted, and less than 6 MB once the zone is up and running.

# zfs list
NAME                   USED  AVAIL  REFER  MOUNTPOINT
pool                   140M   100G  24.5K  /pool
pool/zones             140M   100G  28.5K  /zones
pool/zones/master     70.0M   100G  69.9M  /zones/master
pool/zones/master@SUNWzone1   120K      -  70.0M  -
pool/zones/private    5.55M   100G  74.7M  /zones/private
pool/zones/public     56.5K   100G  69.9M  /zones/public

[Technorati Tags: Solaris OpenSolaris ]

My old PGP key expired, so I've just created a new one, with the key id 0xAA514677 and fingerprint 4395 A18A 512A 832A 5C4F 666B DDDF 2041 AA51 4677

[Technorati Tags: Security]

IT security is like running with the Red Queeen!

In Lewis Carroll's "Through the Looking-Glass", Alice is constantly running but remaining in the same spot.

"Well, in our country," said Alice, still panting a little, "you'd generally get to somewhere else — if you run very fast for a long time, as we've been doing."

"A slow sort of country!" said the Queen. "Now, here, you see, it takes all the running you can do, to keep in the same place. If you want to get somewhere else, you must run at least twice as fast as that!"

In IT security we have to run as fast as we can just to keep status quo, and if we want to improve security we have to run even faster :)

[Technorati Tags: Security]

I've had a visit by the demo devil before the demo even took place!

I'm writing on a presentation for the sec-heads gathering in Stockholm next week. Initially I had planned to talk about Trusted Extensions (TX) and do a demo, but the demo devile paid a visit to me...

I'm working from home using a DSL connection which is very unreliable, so my downloads stop from time to time, and I have to kick it back to life again. This makes something as simple as downloading the latest Nevada DVD take days! I miss my old 100 MBit Internet connection!!!

I was going to install my Shuttle with the latest build of Nevada and add TX and Trusted JDS, take nice screenshots to include in my presentation and then be able to demo it after the presentation. This turned to dust as I could not get the DVD in time, so three days ago I've had to abandon it.

Instead of talking about TX I will now be talking about OpenSolaris development and how people can join the party. Not a bad change, but I really would have liked to showcase TX and the Trusted JDS.