Non-global zones are called labeled zones. Each labeled zone has a unique label. All objects within a labeled zone have the same label. For example, all processes that run in a labeled zone have the same label. All files that are writable in a labeled zone have the same label. A user who is cleared for more than one label has access to a labeled zone at each label.
For more information about these APIs, see Accessing Labels in Zones.
The label of a file is based on the label of the zone or of the host that owns the file. Therefore, when you relabel a file, the file must be moved to the appropriate labeled zone or to the appropriate labeled host. This process of relabeling a file is also referred to as reclassifying a file. The setflabel() library routine can relabel a file by moving the file. To relabel a file, a process must assert the file_upgrade_sl privilege or the file_downgrade_sl privilege. See the getlabel(2) and setflabel(3TSOL) man pages.
For more information about setting privileges, see Developing Privileged Applications, in Solaris Security for Developers Guide.