Changelog
Version 2.0.6
- New version with a ton of new functionality
- Unified all filesystems in -r and -w
- Added support for many filesystem types
- Added support for ZFS volumes
- Added support for ZFS dataset
- Added support for new version of Blastwave
- Added support for OpenSolaris
- Added support for OpenSolaris IPS/pkg
- Added support for SunFreeware via URL for Solaris and IPS for OpenSolaris.
- Extended and refined support for resource management
- Reduced some common flags by making assumptions and setting some defaults.
- Extended zone root directory to include support for ZFS filesystem and customized ZFS options in the zone root directory.
- Configure via input configuration file
- Deprecated -N for adding NFS mounts and moved NFS mounts to -r and -w
- Expanded -r and -w filesystem support to include: zfs (fs, zvol, and dataset), ufs, pcfs, hsfs, nfs, and smb/cifs
- Unified variable syntax
Version 1.8.1
- Fixed NM2CIDR and CIDR2NM conversion inconsistency and simplified conversion method. (Thanks James Carlson!)
- Basic hardening mode doesn't work with lock or unlock for hardening_args.
- Hardening compatibility with v1.7 is incomplete.
- Made successful completion message more meaningful.
Version 1.8
- Updated support for GA version BrandZ
- Eliminated duplication of code between add and modify actions
- Added limiting privileges. See man privileges(5).
- Made hardening feature backward compatible with v1.7 by using basic mode when lock, unlock, enable, or disable are used for the hardening mode.
- Added ability to set the root user's home directory and root shell via modify action.
- Added ability to add CSW packages via modify action.
- Removed minimize action and moved that functionality to the modify action.
- Removed lock/unlock/enable/disable actions and moved that functionality into the modify action.
- Fixed bug with minimization and updated associated help.
- Fixed bug with file/directory/link copies
- Fixed bug when specifying multiple interfaces.
- Fixed bug with recursive copy using : instead of | for delimiter.
- Switched to GPL v2 from CDDL
- Replaced all references to /tmp with a variable for a user specified temporary directory. The default value is /.zonemgr.
- Added support for a zone to use an existing filesystem, e.g. don't error out if the directory/filesystem already exists.
- Added ability to modify existing zone configuration
- Fixed bug with root home directory not getting set with proper permissions.
- Added ability to display zone info
- Enabled several modes of service hardening including Secure by Default, JASS, SMF Site Profile, and Basic.
- Incorporated Secure By Default (SBD) into hardening modes.
  http://www.opensolaris.org/os/community/security/projects/sbd/
  service_profile = [limited|open]
  To enable a service once netservices is enabled, you will need to both enable the service and may have to make it accessible remotely via the following commands:
  svcadm enable <service>
  svccfg -s <service> setprop config/local_only = false
- Incorporated JASS into hardening modes.
- Incorporated SMF Site Profile into hardening modes.
- Added support for moving a zone to a new directory
- Add support for zone cloning feature.
  http://onesearch.sun.com/search/blog/index.jsp?qt=zones+clone
- Add detach and attach for moving a zone from one server to another
- Added support to set the root user's shell
- Quit setting root PermitRootLogin in ssh sshd_config. The code is still there but it isn't enabled by default anymore.
- Implemented info level error message that won't exit on error.
- Added support for one or more ZFS partitions via type=zfs
  http://onesearch.sun.com/search/blog/index.jsp?qt=zones+zfs
  zpool create -m <mount_point> <zpool> <device>
  zfs set quota=<size>M <zpool>
Version 1.7
- Adopted and incorporated CDDL license via -l flag.
- Added zone cloning.
- Improved usage by making output more man like and piping to less.
- Added Blastwave pkg-get support to automate installing any Blastwave package into a new non-global zone.
- Added BrandZ support (http://www.opensolaris.org/os/community/brandz). Currently supports the lx brand. The -t, -M, -r, -w, -d, -D, and -s flags are not supported with the brand option.
- Added the ability to add a zone with no networking.
- Prevent a user from creating a zone when the zone directory already exists.
- Fixed bug where zonepath ends with a /
- Added support for multiple IP addresses on independent network interfaces and independent network mask per IP address and host name
- Added the ability to specify your own minimization package list file
- Added the ability to specify services file via "-f <file>" flag
- Added the ability to specify input password file for clear text or encrypted passwords
- Removed the -i <interface> flag since it has been obsoleted by the new "-I <ip address>:<interface>:<netmask>:<host name>" method of specifying the network interface. Now the non-global host name will be the host name specified or derived from the first IP address. If no host name is specified or derived, the zone name will be used.
- Removed the -H flag since it has been obsoleted by the new -I spec
- Moved recursive file copy to before command execution so that the command to be executed can be something that was copied into place.
- Added hosts file updating for global and new non-global zones
- Added the ability to specify multiple commands to run.
- Added the ability to set up one or more NFS mounts in /etc/vfstab of the non-global zone.
- Fixed bug with -X "<cmd>".
- Fixed bug where domain was not getting set in /etc/defaultdomain
- Added the ability to specify a destination directory for the file or directory being copied by the -C <file/dir> command.
- Added ability to specify a zone root directory
- Fixed bug where TZ doesn't get set
- Updated NFSv4 config in sysidcfg for Solaris 06/06
- Fixed bug with input parameters for optional file parameters
- Added the runcmd action that enables you to run one or more commands in all specified zones from the global zone.
- Synchronized the delimiter to be the pipe symbol (|) instead of a mix of the pipe and colon.
on 2009/10/26 12:18