Solaris 10

Archived Posts from this Category

Wed 12 Dec 2007

Adding interfaces to a running Solaris 10 Zone

Posted by asxinu under Solaris 10, bigadmin, ifconfig, zones
No Comments

This bit was pulled from the bigadmin document Spotlight on Solaris Zones Feature by Amy Rich.

The ifconfig utility has been modified in order to configure and view interfaces based on zone granularity as well, but interfaces can only be plumbed or unplumbed from the global zone. To place an IP interface inside a zone from the global zone:

ifconfig  zone { | }
ifconfig hme0:3 plumb 192.168.1.8 netmask 255.255.255.0 zone myzone up

To print the list of IP interfaces limited to the global zone from the global zone, use ifconfig -aZ. Using ifconfig -a shows network interfaces for all zones.

ifconfig -a
lo0: flags=1000849
        mtu 8232 index 1
        inet 192.168.1.7 netmask ff000000
lo0:1: flags=1000849
        mtu 8232 index 1
        zone myzone
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843
        mtu 1500 index 2
        inet 192.168.1.4 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:9e:b5:40
hme0:1: flags=1000843
        mtu 1500 index 2
        zone myzone
        inet 192.168.1.7 netmask ffffff00 broadcast 192.168.1.255

ifconfig -aZ
lo0: flags=1000849
        mtu 8232 index 1
        inet 192.168.1.7 netmask ff000000
hme0: flags=1000843
        mtu 1500 index 2
        inet 192.168.1.4 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:9e:b5:40
 

Wed 28 Mar 2007

LD_LIBRARY_PATH and suid apps in solaris 10

Posted by asxinu under Solaris 10, Sun
No Comments

I’ve been helping a app support person setup and install netcool. When they run the following as a non-root user, they get the following:

% /opt/netcool/omnibus/bin/nco_pad -name NCO_PA
ld.so.1: nco_pad: fatal: libPa.so.1: open failed: No such file or directory
Killed

This is a suid application and of course will run just fine as root.

Even with the LD_LIBRARY_PATH variable set to:

/usr/local/lib:/usr/openwin/lib:/usr/local/lib:/app/netcool/platform/solaris2/lib:/app/netcool/omnibus/platform/solaris2/lib:
/app/netcool/omnibus/platform/solaris2/merant/lib:/usr/local/ssl/lib:
/export/home/oracle/oracle/product/10.2.0/client_1/lib:/export/home/oracle/oracle/product/10.2.0/client_1/lib32

The path in red has libPa.so.1

When doing an ldd on the binary:

% ldd nco_pad
libPa.so.1 => (file not found)
libnetcool.so.2 => (file not found)
libm.so.1 => /lib/libm.so.1
libsrv.so => (file not found)
libct.so => (file not found)
libcs.so => (file not found)
libtcl.so => (file not found)
libcomn.so => (file not found)
libintl.so => /lib/libintl.so
libpam.so.1 => /lib/libpam.so.1
libsocket.so.1 => /lib/libsocket.so.1
libnsl.so.1 => /lib/libnsl.so.1
libdl.so.1 => /lib/libdl.so.1
libc.so.1 => /lib/libc.so.1
libcmd.so.1 => /lib/libcmd.so.1
libmp.so.2 => /lib/libmp.so.2
libmd5.so.1 => /lib/libmd5.so.1
libscf.so.1 => /lib/libscf.so.1
libdoor.so.1 => /lib/libdoor.so.1
libuutil.so.1 => /lib/libuutil.so.1
libm.so.2 => /lib/libm.so.2
/platform/SUNW,Sun-Fire-V440/lib/libc_psr.so.1
/platform/SUNW,Sun-Fire-V440/lib/libmd5_psr.so.1

Yet all files not found above are in the LD_LIBRARY_PATH

As it turns out, when there is a application that has a suid bit set, the environment variables get ignored. If you use the command crle, you can add permanent or replaceable environment variables. I just used the command:

crle -e LD_LIBRARY_PATH=/app/netcool/platform/solaris2/lib:/app/netcool/omnibus/
platform/solaris2/lib:/usr/local/lib:/usr/lib:/opt/netcool/platform/solaris2/lib

After doing this, the application worked as expected.

More on crle. I did some more reading and have found that my previous thoughts on crle are correct but are a nuiscance. The reason being the nature of the location of the various paths and the fact that netcool uses a different version of openssl. Anyway, if you look at this:

-bash-3.00$ crle

Configuration file [version 4]: /var/ld/ld.config
Default Library Path (ELF): /lib:/usr/lib
Trusted Directories (ELF): /lib/secure:/usr/lib/secure:/app/netcool/platform/solaris2/lib:/app/netcool/omnibus/platform/solaris2/lib

Command line:
crle -c /var/ld/ld.config -l /lib:/usr/lib -s /lib/secure:/usr/lib/secure:/app/netcool/platform/solaris2/lib:/app/netcool/omnibus/platform/solaris2/lib

So, what I’ve done is added the two netcool lib directories to the Trusted Directories and it still works. On top of that, you can set and unset your LD_LIBRARY_PATH to whatever works for you without setting a system wide path.