Security – Solaris non-global zone knowing its global zone


It's my understanding that it is not possible for a non-global zone to determine its global zone, however running this on the global zone creates a file called /etc/global-zone-name in all running zones.

zoneadm list | awk '$1!="global" {printf("uname -n | zlogin %s \"cat > /etc/global-zone-name\"\n",$1)}' | sh

My question: Is there any security risk to this approach? In other words, is there any risk to a server knowing its global zone?

Best Answer

Security issues aside - creating a file with the global zone name is one solution. However, if your non-global zones (NGZs) are managed by some sort of Clustering solution (read: if the NGZs are likely to jump global-zones when there's a catastrophic failure), then this is going to "break".

I find that having a script run at boot-up (basically a small SMF) that does the following is a big help:

1) Run "/sbin/zonename". If "global", then;

2) Use "/sbin/eeprom" to store the hostname in an OpenBoot PROM (aka "OBP") variable.

This way, all a NGZ has to do to figure out its GZ is check the contents of the OBP variable.

P.S.: if your cluster-nodes have the cluster-name in their hostname, this really helps track down a zone. E.g.: Cluster "wwwfarm1" has physical servers "wwwfarm1a", "wwwfarm1b" and "wwwfarm1c".
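The two-step boot script described in this answer, written out as an added example (it is not the answer's own script, and it is not from Oracle or Sun). The OBP variable name "gz-hostname", the optional hostname argument and the overridable command paths are assumptions made here; the script also validates whatever it reads back as a plausible hostname before returning it, so a stray or tampered OBP value is never passed on unchecked.

```shell
#!/bin/sh
# Assumed OBP variable name; /sbin/zonename and /sbin/eeprom are the Solaris
# commands named in the answer. The paths are overridable so the parsing logic
# can be exercised on a non-Solaris host.
ZONENAME_CMD="${ZONENAME_CMD:-/sbin/zonename}"
EEPROM_CMD="${EEPROM_CMD:-/sbin/eeprom}"
OBP_VAR="gz-hostname"

# Accept only RFC 1123 style hostnames (letters, digits, hyphens, dots).
valid_hostname() {
    printf '%s' "$1" | grep -Eq \
      '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$'
}

# eeprom prints "name=value" for a set variable; anything else (including the
# "data not available" message for an unset one) is rejected.
parse_eeprom_line() {
    value="${1#$OBP_VAR=}"
    [ "$value" != "$1" ] || return 1     # expected "name=" prefix missing
    valid_hostname "$value" || return 1
    printf '%s\n' "$value"
}

# Step 1 and 2: only in the global zone, store our hostname (or the hostname
# given as $1, an assumed convenience) in the OBP variable.
publish_gz_name() {
    [ "$("$ZONENAME_CMD")" = global ] || return 1
    host="${1:-$(uname -n)}"
    valid_hostname "$host" || return 1
    "$EEPROM_CMD" "$OBP_VAR=$host"
}

# In a non-global zone: read the global zone's hostname back from OBP.
read_gz_name() {
    [ "$("$ZONENAME_CMD")" != global ] || return 1
    parse_eeprom_line "$("$EEPROM_CMD" "$OBP_VAR")"
}

case "${1:-}" in
    publish) publish_gz_name "${2:-}" ;;
    read)    read_gz_name ;;
esac
```

Run with "publish" from the global zone's SMF start method and "read" from inside a zone; the read side prints nothing and exits non-zero when the variable is unset or holds something that is not a hostname.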