Patch-ID# 116932-02 Keywords: over-the-wire mac autofs redundant "gang mount" Synopsis: Trusted_Solaris_8_HW_12/02: automountd patch Date: May/26/2004 Install Requirements: Reboot after installation Solaris Release: Trusted_Solaris_8_HW_12/02 SunOS Release: Trusted_Solaris_8_HW_12/02 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 116933 Topic: Trusted_Solaris_8_HW_12/02: automountd patch Relevant Architectures: sparc BugId's fixed with this patch: 4926203 5016234 5018531 5028607 Changes incorporated in this version: 5016234 5018531 5028607 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/lib/autofs/automountd /usr/lib/secpolicy/automount/automount.kpolicy-tsol.so Problem Description: 5016234 replicated automount servers don't work if one is up but not sharing 5018531 Setting ndd tsol_unlab_equal_only breaks replicated file systems 5028607 automountd still sends otw for replicated mounts (from 116932-01) 4926203 Disallow auto-mounts triggered for dominating file Patch Installation Instructions: -------------------------------- Refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Trusted Solaris. Any other special or non-generic installation instructions should be described below as special instructions. For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: For these changes to take effect, automountd must be stopped and restarted. Restart the automounter daemon by rebooting the system or by performing the following with all privileges at ADMIN_LOW as uid 0 after the patch installation is complete: /etc/init.d/autofs stop /etc/init.d/autofs start & if someone with the File System Management profile wants to do /etc/init.d/autofs stop /etc/init.d/autofs start& then there is no need to reboot The steps below assume the patch has been put into an ADMIN_LOW directory in /var/tmp and the patch file label is configured to ADMIN_LOW. Create a role which contains the Software Installation profile (typically admin role is assigned this profile) and whose label range includes the ADMIN_LOW label. All the steps in the patch installation should be executed at ADMIN_LOW. The patch should be owned by this role. 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. To verify the profile is assigned to the role, type: "profiles -l | grep patchadd". The result should be: /usr/sbin/patchadd uid=0, privs=all, label=admin_low 2) cd into /var/tmp and install the patch file. # cd /var/tmp # patchadd /var/tmp/ where is the patch number. NOTE 2: With this fix in place, replicated automounts at labels other than ADMIN_LOW can be performed with the ndd switch for tsol_unlab_equal_only set to 1. ONLY if PRIV_NET_BROADCAST is added to automountd any relevant profiles. As shipped, the relevant profiles are the boot profile and the File System Management profile. Special Backout Instructions: ----------------------------- NOTE 1: Reboot the system after the patches are removed. 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. To verify the profile is assigned to the role, type: "profiles -l | grep patchrm". The result should be: /usr/sbin/patchrm uid=0, privs=all, label=admin_low 2) Backout patch by typing: # patchrm where is the patch number. README -- Last modified date: Wednesday, May 26, 2004