Hi, everyone! Recently, I use pset_create() on SunOS 5.11 and there is an error "Not owner", how can I solve this? Thanks in advance!

japin: Is the user privileged?

If you look at the manual page, it states that EPERM usualy happens when PRIV_SYS_RES_CONFIG is not there.

You can probably validate that with truss.

rmustacc: I use "ppriv -l | grep sys_res_config" command, and can find it.

japin: ppriv -l just lists all privileges that exist.

So of course it'll be there.

Oh, sorry, I miss understand this. How can I check whether the user has this privilege?

I usually just do something like ppriv $$ on my shell that I'm running the program on or I would use truss to confirm that that is the missing privilege.

Yeah, I cannot find sys_res_config using ppriv $$.

Are you inside of a zone or the global zone?

I'm in a zone.

Thank you rmustacc. And how can I add PRIV_SYS_RES_CONFIG for a user?

I try to use "usermod -K defaultpriv=basic,sys_res_config username", but it doesn't work.

hm - how do I boot a CN with the "noimport=true" parameter? "reboot noimport=true" brings up the CN with the zones pool imported - no matter what...

reboot -B nomport=true ?

ok - then probably "reboot -- -B noimport=true"

Hi, when trying to run "imgadm update" I get the following error: imgadm update: error: UNABLE_TO_GET_ISSUER_CERT_LOCALLY

anyone has and idea on how to fix this?

jhertz : on what PI?

Sorry, I don't know what you mean by PI?

platform image

in other words: platform version

i'd say you need to install mozilla-rootcerts and/or mozilla-rootcerts-openssl

jhertz - what's the output of "uname -a"?

SunOS X 5.11 joyent_20200311T225627Z i86pc i386 i86pc

otis: any link with info on how to do that?

jhertz: the platform image is too old, there's a non-https imgapi server I'll need to dig for the address of, but generally you want to keep the running PI updated

images-nossl.smartos.org

jperkin: So update the USB image basically?

yes

cool, thanks for the help everyone!

jhertz: Yeah, unfortunately the situation with keeping a valid cert on there for older platform images is beyond our control. Pretty much no more CAs exist that will issue a cert that's valid with the version of OpenSSL used in older platform images.

There may be one, but I don't know of any. And unfortunately the only way to figure it out is to buy one and see if it works, and if not, hope you can get your money back.

It would end up being extremely expensive and time intensive, and I wouldn't be surprised if it raised a red flag somewhere with CAs that someone keeps buying the same name from every CA in existence.