Management Access Rights from non global Zone

Similar Messages

• SFTP chroot from non-global zone to zfs pool

  Hi,
  I am unable to create an SFTP chroot inside a zone to a shared folder on the global zone.
  Inside the global zone:
  I have created a zfs pool (rpool/data) and then mounted it to /data.
  I then created some shared folders: /data/sftp/ipl/import and /data/sftp/ipl/export
  I then created a non-global zone and added a file system that loops back to /data.
  Inside the zone:
  I then did the ususal stuff to create a chroot sftp user, similar to: http://nixinfra.blogspot.com.au/2012/12/openssh-chroot-sftp-setup-in-linux.html
  I modifed the /etc/ssh/sshd_config file and hard wired the ChrootDirectory to /data/sftp/ipl.
  When I attempt to sftp into the zone an error message is displayed in the zone -> fatal: bad ownership or modes for chroot directory /data/
  Multiple web sites warn that folder ownership and access privileges is important. However, issuing chown -R root:iplgroup /data made no difference. Perhaps it is something todo with the fact the folders were created in the global zone?
  If I create a simple shared folder inside the zone it works, e.g. /data3/ftp/ipl......ChrootDirectory => /data3/ftp/ipl
  If I use the users home directory it works. eg /export/home/sftpuser......ChrootDirectory => %h
  FYI. The reason for having a ZFS shared folder is to allow separate SFTP and FTP zones and a common/shared data repository for FTP and SFTP exchanges with remote systems. e.g. One remote client pushes data to the FTP server. A second remote client pulls the data via SFTP. Having separate zones increases security?
  Any help would be appreciated to solve this issue.
  Regards John

  sanjaykumarfromsymantec wrote:
  Hi,
  I want to do IPC between inter-zones ( commnication between processes running two different zones). So what are the different techniques can be used. I am not interested in TCP/IP ( AF_INET) sockets.Zones are designed to prevent most visibility between non-global zones and other zones. So network communication (like you might use between two physical machines) are the most common method.
  You could mount a global zone filesystem into multiple non-global zones (via lofs) and have your programs push data there. But you'll probably have to poll for updates. I'm not certain that's easier or better than network communication.
  Darren

• Are volume manager commands available inside non-global zones

  My application requires usage of volume manager commands to create new filesystem, expand an existing file system inside the non-global zone. Is this supported?
  Or the only option is to create filesystem in global zone and assign to non-global zones?

  ArunZone wrote:
  My application requires usage of volume manager commands to create new filesystem, expand an existing file system inside the non-global zone. Is this supported?No. There's no zone knowledege with SVM, so it must be restricted to the global zone only. If you could use ZFS instead, you could delegate a filesystem to a zone and create/modify within the zone.
  Or the only option is to create filesystem in global zone and assign to non-global zones?If you must use SVM, yes.
  Darren

• How to know Global zone name within Non-Global zone?

  Hi everybody.
  My answer is very simple: How can I (command or file) to know Global zone name within Non-Global zone? zoneadm command with all its options don�t work fine to me for this information. Thanks a lot for any idea with my question. Regards.

  Hi. Global Zone�s name is unknow for me from Non-Global zone. I don�t know it, but "Global" isn�t name neither hostname, is just Solaris 10 OS in my machine. However, your link was useful for me.
  Thanks a lot.

• How to copy file from global zone to non-global zone?

  Hi,
  I'm new in zone.
  I have installed a zone and I would like to install some programs.
  Could you please tell me how to copy downloaded file from internet to the new installed zone?
  Kind regards,
  Daniel

  I like to use zcp which came from BigAdmin I believe.
  #!/usr/bin/perl
  # zcp - copy a file from the global zone to a nonglobal zone. Solaris 10.
  # 10-Mar-2005, ver 0.50 (first release)
  # USAGE: zcp file1 zonename:file2
  # eg,
  # zcp /etc/syslog.conf workzone1:/tmp
  # Standard Disclaimer: This is freeware, use at your own risk.
  # 10-Mar-2005 Brendan Gregg Created this.
  $ENV{PATH} = "/usr/bin:/usr/sbin";
  $VERBOSE = 1;
  # Process arguments
  # check for arguments,
  if (@ARGV != 2) {
  die "USAGE: zcp file1 zonename:file2\n";
  # check source file exists,
  $srcpath = $ARGV[0];
  if (! -e $srcpath) {
  die "ERROR1: Can't find source file $srcpath\n";
  # check destination zone exists,
  ($destzone,$destpath) = split(/:/,$ARGV[1]);
  chomp(@Zones = `zoneadm list`);
  foreach $zone (@Zones) { $Zone{$zone} = 1; }
  unless ($Zone{$destzone}) {
  die "ERROR2: Can't find zone $destzone\n";
  # check if destination is a directory or filename,
  $dir = `zlogin -S $destzone '
  if [ -d "$destpath" ]; then echo 1; else echo 0; fi'`;
  if ($dir == 1) {
  $node = $srcpath;
  $node =~ s:.*/::;
  $destpath = "$destpath/$node";
  # Print message
  print "zcp from $srcpath, to zone $destzone, to file $destpath.\n" if $VERBOSE;
  # Copy File
  system("cat $srcpath | zlogin -S $destzone 'cat - > $destpath'");
  # Verify file copied
  $srcsize = -s $srcpath;
  $destinfo = `zlogin -S $destzone 'ls -l $destpath'`;
  @Fields = split(' ',$destinfo);
  $destsize = $Fields[4];
  if ($srcsize != $destsize) {
  print STDERR "ERROR3: Copy failed, size mismatch ".
  "($srcsize != $destsize)\n";
  } else {
  print "Copy successful ($destpath, $destsize bytes).\n" if $VERBOSE;
  }

• Can I import one non-global zone from one machine to another?

  If create a non-global zone on one disk on machine A, is it possible to make a copy of that disk, and import the non-global zone to machine B? If yes, how to import the non-global zone?
  Thanks!

  It should be possible if your machines are installed at the same way, because you need the same environment (patches, packages,..).
  If this is true you should export your zone definition on machine A (zonecfg export) and import it on machine B (zonecfg -f ...).
  Then create the new zone on B. If finished get your zonepath with all data on A an copy it to B. That should be all.
  With this solution I hope it would be possible to have a shadow instance on B and the aktiv instance on A. If you have your whole zonepath on external disks like EMC, you only have to mount your disks on B and start your zone.
  harruh

• Can I upgrade patches to non-global zones separate from a global zone?

  Normally, one would assume that you want to keep global and non-global zones in sync. However, at the software company I work for we could potentially want to test on different patch levels of Solaris10 simultaneously. I can't bring down the global zone and change it's patch set everytime I would need this. My only option would be to have separate hardware and separate global zone for each patch set which kinda defeats the purpose IMHO.
  Anybody out there know if this is possible?

  Whole root zones allow you to have different levels of an application installed in different zones.
  But they don't really provide a good mechanism for testing different patch levels of solaris itself.
  Since theres really only one copy of solaris running, its just providing different views of itself.
  If you want to actually test solaris patch levels you need to do "real" virtualisation rather than para virtualisation provided by zones.
  So either somethig like ldoms on sparc hardware, or vmware or equivalent on x86.

• How to know global zone in case non global zone is hung

  ....I have nongloabazone1,nongloabazone1,nongloabazone2,nongloabazone3...
  i am working on nongloabazone1 ..
  suppose i am giving remote support ...
  if my nongloabazone1 is hung ..i need to know the global zone on which this nongloabazone1 is installed and reboot from there ...if my nongloabazone1 is hung i cannot apply #arp -a and check it out by trial and error method and know the global zone....
  in this case how can i reboot the nongloabazone1 .....i have the same question in case of Ldoms also..............
  Thanks in Advance.......

  Hi.
  It's not clear what means "non global zone is hung".
  In case it realy hangs you can't do anythins in this zone.
  1) In case you have access to global zone. You can get list all zones running on this host:
  zoneadm list -cv
  For reboot local zone from global zone just need: zoneadm -z <zone_name> reboot
  2) Zones not support live migration. So after zone started it can not change global zone.
  Create script that put global zone name in file. When need - just read content of this file.
  This file can be created from global zone when start (or create/move) local zone.
  In case zone migration is not quickly operation, just create file (or database) for list what zone started on which host.
  For LDOM it look wery same.
  Regards.

• LDAP Client Configuration in Non Global Zone

  I have configured 3 non global zones (different ip addresses and different names from global zone), installed LDAP client 2 on each, which worked fine, until the zones were rebooted. The ldapcachemgr was running, but authentication does not work--have to reinstall ldapclient each time.
  Does anyone have any suggestions?

  Here are a few things to check:
  1. /var/ldap/ldap_client_file - Does it have the info you're expecting? If not, it could be the config profile in the Direcotry Server is incorrect.
  2. /etc/nsswitch.conf - Is it configured correctly?
  3. /etc/pam.conf - Is that configured correctly?
  4. If the above files appear OK, check the access logs on the Directory Server.
  HTH,
  Roger S.

• Non-global zone in "shutting_down" state.. Hung in this state

  Hi.. My server is running in Sol10. It has got two non-global zones hosted in it in which the database is running.
  There was some complain from the database team that they were not able to login to the server. When I checked, it the status of the local zones were fine. But when tried to "# zlogin" to them, it got hung. So i tried to " # zlogin -S <zone_name>" and i was able to login in the failsafe mode but not able to execute any command in it. Any command from "uptime", "zfs list", gets hung and i had to forcefully logout.
  So I tried to halt the non-global zones first and then boot it. But here, it got stuck in "shutting_down" state.
  When tried to kill the processes of the non-global zones using "kill -9", it failed to kill the processes.
  so I rebooted the global zone which fixed the issue. But then, 10 days later, the same issue came up.
  I followed the same steps to fix the issue but i'm afraid this issue might come up again since i think rebooting the global zone server is a temporary fix.
  I logged a call with Oracle Support for this, but the server looks fine from the explorer output that was provided.
  Has anyone faced this same problem? What can i do to fix this issue permanantly?

  If you encounter the issue again in future, please get a system crash dump by panicing the global zone. This will allow us (support) to review the crash dump and understand why the zone failed to shut down. It will have been waiting on a resource and without the dump there's simply no way to know what or why.
  IIRC we recently (with the past month) did a putback of a bug (which I can't find the ID of right now) whereby if a zone doesn't hang on the way down we'll fork a new instance of the zone and leave the old refs in their hung state. So it's worth ensuring that you're running the latest Patchset.

• Non-global zone networking

  I've created a non-global zone with a pair of anet devices. I plan to do IPMP inside the non-global zone to manage interface redundancy. The anet config is rather simple -- I have a net0 and net1 whose lower-link's are net2 and net3 respectively.
  Inside the zone, it looks like everything is ready to go. My two VNICs are up.
  zone# dladm show-link
  LINK CLASS MTU STATE OVER
  net0 vnic 1500 up ?
  net1 vnic 1500 up ?
  So I try to plumb them (if I can still use that term).
  zone# ipadm create-ip net0
  zone# ipadm create-ip net1
  zone# ipadm show-if
  IFNAME CLASS STATE ACTIVE OVER
  lo0 loopback ok yes --
  net0 ip down no --
  net1 ip down no --
  That's strange -- why are they not up?
  zone# ifconfig net0 up; ifconfig net1 up
  zone# ipadm show-if
  IFNAME CLASS STATE ACTIVE OVER
  lo0 loopback ok yes --
  net0 ip ok yes --
  net1 ip ok yes --
  Aaah. Much better. Now I can get on with my life.
  # ipadm create-ipmp -i net0 -i net1 ipmp0
  # ipadm create-addr -T static -a 192.168.1.104/24 ipmp0/v4
  So my quesion is why did I have to resort to running an ifconfig up on these interfaces? ifconfig is dead to me -- or so I'd like to think. :)
  What is the "right" way to deal with this problem?

  Figured this out.
  The issue was that I had just done a zlogin to the zone after it was built (which was 3 weeks ago). I had completely forgotten that I had not yet completed the system configuration so the svc:/milestone/config:default service was offline, along with it's many dependancies.
  Basically I manually configured the network information before I had told the system config that I was going to do so.
  Strange behaviour -- but that's what happens when you don't follow order of operation.

• How to unlock Root Account in non-global zone on Solaris 10 Branded Zone

  Hello All,
  I have a phsical x86 server running Solaris 11. On top of that, I have 3 Solaris 10 branded zones configured. Due to security policy the root account has been locked by 5 failed login attempts.
  Is there a way by which I can unlock root account in non-global zone.
  I have the root access of global zone.
  Pls help as these are production servers.
  Regards

  Hey,
  It worked. Actually i forgot to save the file.
  I changed the /<zonepath>/root/etc/shadow
  Removed *LK* & then from global zone did zlogin -l root zonename
  Thanks  lot.

• Why there are no /dev/mem, /dev/kmem on solaris10 non-global zones?

  Hi All,
  We have an application on SOLARIS10 that tries to open '/dev/kmem' using 'kvm_open' system call and after that it reads certain kernel virtual memory parameter values by using 'kvm_nlist' system call.
  In solaris 10 non-global zones these calls are failing as /dev/kmem cannot be found. Is there any other way to access the kmem or kernel memory parameters on non-global zones?
  What are the corresponding files for /dev/mem, /dev/kmem on non-global zones? We are interpreting /dev/mem and /dev/kmem files to get status and statistical information of the system on solaris.
  This is urgent....Please help....
  Thanks

  Ravi-N wrote:
  Hi All,
  We have an application on SOLARIS10 that tries to open '/dev/kmem' using 'kvm_open' system call and after that it reads certain kernel virtual memory parameter values by using 'kvm_nlist' system call.What information are you trying to gather?
  In solaris 10 non-global zones these calls are failing as /dev/kmem cannot be found. Is there any other way to access the kmem or kernel memory parameters on non-global zones? You can't access kernel parameters directly (it's difficult to keep somone with access to it from making changes that would be visible to other zones). But it might be possible to get the information you need another way. Zones aren't virtual machines, and you can't do everything in a non-global zone that you can in the global zone.
  Darren

• FilesystemMountPoints for ufs disks mounted to non-global zones

  Hello,
  I have a SAN ufs disk to be used as a failover storage, mounted to non-global zones (NGZ).
  Solaris 10 nodes using Cluster 3.2
  I'm looking for the correct value for the property FilesystemMountPoints and the vfstab entry required for a failover disk mounted to a NGZ.
  Should the path NOT include the NGZ root path?
  From the man page for SUNW.HAStoragePlus, for the property FilesystemMountPoints:
  You can specify both the path in a non-global zone and the path in a global zone, in this format:
  Non-GlobalZonePath:GlobalZonePath
  The global zone path is optional. If you do not specify a global zone path, Sun Cluster assumes that the path in
  the non-global zone and in the global zone are the same. If you specify the path as
  Non-GlobalZonePath:GlobalZonePath, you must specify Global-ZonePath in the global zone's /etc/vfstab.
  The default setting for this property is an empty list.
  You can use the SUNW.HAStoragePlus resource type to make a file system available to a non-global zone. To enable
  the SUNW.HAStoragePlus resource type to do this, you must create a mount point in the global zone and in the
  non-global zone. The SUNW.HAStoragePlus resource type makes the file system available to the non-global zone
  by mounting the file system in the global zone. The resource type then performs a loopback mount in the
  non-global zone.
  Each file system mount point should have an equivalent entry in /etc/vfstab on all cluster nodes and in all
  global zones. The SUNW.HAStoragePlus resource type does not check /etc/vfstab in non-global zones.
  SUNW.HAStoragePlus resources that specify local file systems can only belong in a failover resource group
  with affinity switchovers enabled. These local file systems can therefore be termed failover file systems. You
  can specify both local and global file system mounts points at the same time.
  Any file system whose mount point is present in the FilesystemMountPoints extension property is assumed to
  be local if its /etc/vfstab entry satisfies both of the following conditions:
  1. The non-global mount option is specified.
  2. The "mount at boot" field for the entry is set to "no."
  In my situation, I want to mount the disk to /mysql_data on the NGZ called ftp_zone. So, which is the correct setup?
  a. FilesystemMountPoints=/mysql_data:/zones/ftp_zone/root/mysql_data
  Global zone vfstab entry /dev/md/ftpabin/dsk/d110 /dev/md/ftpabin/rdsk/d110 /zones/ftp_zone/root/mysql_data ufs 1 no logging
  NGZ mount point /mysql_data
  OR
  b. FilesystemMountPoints=/mysql_data:/mysql_data (can be condensed to simply /mysql_data)
  Global zone vfstab entry /dev/md/ftpabin/dsk/d110 /dev/md/ftpabin/rdsk/d110 /mysql_data ufs 1 no logging
  NGZ mount point /mysql_data
  Should the path NOT include the NGZ root path?
  And should the fsck pass # be 1 or 2?
  Looking at this example from p. 26 of
  http://wikis.sun.com/download/attachments/24543510/820-4690.pdf
  This example doesn't mention the entry in vfstab.
  Create a resource group that can holds services in nodea zonex and nodeb zoney
  nodea# clresourcegroup create -n nodea:zonex,nodeb:zoney test-rg
  Make sure the HAStoragePlus resource is registered
  nodea# clresourcetype register SUNW.HAStoragePlus
  Now add a UFS [or VxFS] fail-over file system: mount /bigspace1 to failover/export/install in NGZ
  nodea# clresource create -t SUNW.HAStoragePlus -g test-rg \
  -p FilesystemMountPoints=/fail-over/export/install:/bigspace1 \
  ufs-hasp-rs
  Thank you!

  Hi,
  /zones/oracle-z is my root directory of the zone.
  * add the device to the zone :
  root@mpbxapp1 # zonecfg -z oracle-z
  zonecfg:oracle-z> add device
  zonecfg:oracle-z:device> set match=/dev/global/dsk/d12s0
  zonecfg:oracle-z:device> end
  zonecfg:oracle-z> add device
  zonecfg:oracle-z:device> set match=/dev/global/rdsk/d12s0
  zonecfg:oracle-z:device> end
  zonecfg:oracle-z> exit
  * add FS to NGZ's /etc/vfstab : ( You may omit this step, I don't know why but it works without this step :) )
  root@mpbxapp1 # vi /zones/oracle-z/root/etc/vfstab
  /dev/global/dsk/d12s0 /dev/global/rdsk/d12s0 /global/oracle ufs 1 no logging
  * add FS to global zone's /etc/vfstab :
  root@mpbxapp1 # vi /etc/vfstab
  /dev/global/dsk/d12s0 /dev/global/rdsk/d12s0 /zonefs/oracle ufs 1 no logging
  * set the FilesystemMountPoints property :
  root@mpbxapp1 # /usr/cluster/bin/clresource set -p FilesystemMountPoints=/global/oracle:/zonefs/oracle oracle-hastp
  Whit this configuration you may ensure that the FS is not directly accessible from master zone. Actually, it's accessible but with a different PATH. For example, for Oracle, from the master zone Oracle can not be started/stopped because the controlfile can not be accessed. :)
  Hope this helps,
  Murat

• Not all non-global zones updated for DST

  We have one server with Solaris 10 and four non-global zones. I installed patch 122032-03 to the global zone and it installed successfull, according to the log. With the DST change on 3/11, TWO of the non-global zones and the global zone updated correctly to daylight time, but the other TWO non-global zone DID NOT. Does anyone know what would cause this?
  I have also tried to manually change the time on the two non-global zones and have not been able to; as root I get the message "not owner"
  ainsworth:hughesm> su -
  Password:
  Sun Microsystems Inc. SunOS 5.10 Generic January 2005
  You have mail.
  # date
  Tue Mar 13 12:02:45 PST 2007
  # date -u
  Tue Mar 13 20:03:16 GMT 2007
  # date
  Tue Mar 13 12:04:31 PST 2007
  # date 0313130007
  date: Not owner
  usage: date [-u] mmddHHMM[[cc]yy][.SS]
  date [-u] [+format]
  date -a [-]sss[.fff]
  Fortunately, these were just test zones. They were set up by a previous admin to be used for pgpftp, so I'm wondering if there are some special configurations for security that is preventing the time change.

  Thanks for replying.
  I rebooted from the global zone. All the zones have the same uptime as the global zone, except one that was rebooted more recently.
  Quick question - how do I tell if it's a sparse zone or full zone?
  One of the zones that the time change worked on:
  $ zdump -v US/Pacific | grep 2007
  US/Pacific Tue Mar 13 22:37:59 2007 UTC = Tue Mar 13 15:37:59 2007 PDT isdst=1
  US/Pacific Sun Mar 11 09:59:59 2007 UTC = Sun Mar 11 01:59:59 2007 PST isdst=0
  US/Pacific Sun Mar 11 10:00:00 2007 UTC = Sun Mar 11 03:00:00 2007 PDT isdst=1
  US/Pacific Sun Nov 4 08:59:59 2007 UTC = Sun Nov 4 01:59:59 2007 PDT isdst=1
  US/Pacific Sun Nov 4 09:00:00 2007 UTC = Sun Nov 4 01:00:00 2007 PST isdst=0
  tsbackup:hughesm> cd /usr/share/lib/zoneinfo; ls -al | grep Pac
  drwxr-xr-x 2 root bin 1024 Jan 19 11:19 Pacific
  cathedral:hughesm> cd /usr/share/lib/zoneinfo; ls -al | grep Pac (the global zone)
  drwxr-xr-x 2 root bin 1024 Jan 19 11:19 Pacific
  One zone that didn't work: (the other one that did not work is the same)
  # zdump -v US/Pacific | grep 2007
  US/Pacific Tue Mar 13 22:45:33 2007 UTC = Tue Mar 13 14:45:33 2007 PST isdst=0
  US/Pacific Sun Apr 1 09:59:59 2007 UTC = Sun Apr 1 01:59:59 2007 PST isdst=0
  US/Pacific Sun Apr 1 10:00:00 2007 UTC = Sun Apr 1 03:00:00 2007 PDT isdst=1
  US/Pacific Sun Oct 28 08:59:59 2007 UTC = Sun Oct 28 01:59:59 2007 PDT isdst=1
  US/Pacific Sun Oct 28 09:00:00 2007 UTC = Sun Oct 28 01:00:00 2007 PST isdst=0
  # uname -a
  SunOS albina 5.10 Generic_118822-02 sun4u sparc SUNW,Ultra-4
  # cd /usr/share/lib/zoneinfo (non-global zone that did not update)
  # ls -al | grep Pac
  drwxr-xr-x 2 root bin 1024 Apr 20 2005 Pacific
  I was thinking of trying to apply the patch within the zone itself, but when I tried smpatch analyze, it didn't list it:
  # smpatch analyze
  120900-04 SunOS 5.10: libzonecfg Patch
  121133-02 SunOS 5.10: zones library and zones utility patch
  119254-27 SunOS 5.10: Install and Patch Utilities Patch
  119574-02 SunOS 5.10: su patch
  121453-02 SunOS 5.10: Sun Update Connection Client Foundation
  121118-08 SunOS 5.10: Sun Update Connection System Client 1.0.8
  121081-05 SunOS 5.10: Connected Customer Agents 1.1.0
  122231-01 SunOS 5.10 Sun Connection agents, transport certificate update
  I attempted to add the patch using smpatch, but I've never run it here before so it's probably not configured right:
  # smpatch update -i 122032-03
  122032-03 cannot be validated.
  com.sun.patchpro.model.PatchProRuntimeException: Unexpected throwable
  at com.sun.patchpro.cli.PatchServices.waitForThread(PatchServices.java:1284)
  at com.sun.patchpro.cli.PatchServices.installPatches(PatchServices.java:1121)
  at com.sun.patchpro.cli.PatchServices.main(PatchServices.java:510)
  Caused by:
  java.lang.Throwable: ERROR: Failed to validate the digital signature(s).
  at com.sun.patchpro.model.PatchProModel$InnerDownloadPatchThread.downloadPatchFailed(PatchProModel.java:2855)
  at com.sun.patchpro.server.GroupPatchDownloader.dispatchFailedEvent(GroupPatchDownloader.java:384)
  at com.sun.patchpro.server.GroupPatchDownloader.downloadPatchFailed(GroupPatchDownloader.java:335)
  at com.sun.patchpro.server.ServerPatchServiceProvider.dispatchFailedEvent(ServerPatchServiceProvider.java:2577
  at com.sun.patchpro.server.ServerPatchServiceProvider.validatePatchBundle(ServerPatchServiceProvider.java:2196
  at com.sun.patchpro.server.ServerPatchServiceProvider.requestDownload(ServerPatchServiceProvider.java:1780)
  at com.sun.patchpro.server.ServerPatchServiceProvider.performDownloadPatches(ServerPatchServiceProvider.java:1
  2)
  at com.sun.patchpro.server.ServerPatchServiceProvider.downloadPatches(ServerPatchServiceProvider.java:860)
  at com.sun.patchpro.server.PatchServerProxy.downloadPatches(PatchServerProxy.java:142)
  at com.sun.patchpro.server.GroupPatchDownloader.downloadPatches(GroupPatchDownloader.java:124)
  at com.sun.patchpro.model.PatchProModel.performPatchDownload(PatchProModel.java:1932)
  at com.sun.patchpro.model.PatchProStateMachine$10.run(PatchProStateMachine.java:526)
  at com.sun.patchpro.util.State.run(State.java:266)
  at java.lang.Thread.run(Thread.java:595)
  So then I attempted to add the patch using patchadd:
  # patchadd 122032-03
  Validating patches...
  Loading patches installed on the system...
  Done!
  Loading patches requested to install.
  Done!
  Checking patches that you specified for installation.
  Done!
  Global patches.
  0 Patch 122032-03 is for global zone only - cannot be installed on local zone.
  No patches to install.
  under /var/sadm/patch/122032-03 on the Global zone, the log shows:
  -rw-r--r-- 1 root root 2666 Jan 19 11:19 log
  This appears to be an attempt to install the same architecture and
  version of a package which is already installed. This installation
  will attempt to overwrite this package.
  WARNING: /usr/share/lib/zoneinfo/Africa/Timbuktu <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/America/Argentina/ComodRivadavia <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/America/Indiana/Indianapolis <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/America/Indianapolis <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/America/Kentucky/Louisville <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/America/Louisville <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/CST6CDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/EST <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/EST5EDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/Europe/Belfast <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/HST <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/MST <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/MST7MDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/PST8PDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/Pacific/Yap <no longer a regular file>
  Dryrun complete.
  No changes were made to the system.
  This appears to be an attempt to install the same architecture and
  version of a package which is already installed. This installation
  will attempt to overwrite this package.
  WARNING: /usr/share/lib/zoneinfo/Africa/Timbuktu <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/America/Argentina/ComodRivadavia <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/America/Indiana/Indianapolis <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/America/Indianapolis <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/America/Kentucky/Louisville <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/America/Louisville <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/CST6CDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/EST <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/EST5EDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/Europe/Belfast <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/HST <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/MST <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/MST7MDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/PST8PDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/Pacific/Yap <no longer a regular file>
  Installation of <SUNWcsu> was successful.
  On the non-global zones, either there is nothing under /var/sadm/patch or there isn't even a patch directory under /var/sadm. Is there somewhere else to look?
  Thanks.