System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones

Branded Zone Configuration Data

Zone configuration data consists of two kinds of entities: resources and properties. Each resource has a type, and each resource can also have a set of one or more properties. The properties have names and values. The set of properties is dependent on the resource type.

Resource and Property Types

The resource and property types are described as follows:

Zone name

The zone name identifies the zone to the configuration utility. The following rules apply to zone names:

  • Each zone must have a unique name.

  • A zone name is case-sensitive.

  • A zone name must begin with an alphanumeric character.

    The name can contain alphanumeric characters, underbars (_), hyphens (-), and periods (.).

  • The name cannot be longer than 64 characters.

  • The name global and all names beginning with SUNW are reserved and cannot be used.


zonepath

The zonepath property is the path to the zone root. Each zone has a path to its root directory that is relative to the global zone's root directory. At installation time, the global zone directory is required to have restricted visibility. It must be owned by root with the mode 700.

The non-global zone's root path is one level lower. The zone's root directory has the same ownership and permissions as the root directory (/) in the global zone. The zone directory must be owned by root with the mode 755. These directories are created automatically with the correct permissions, and do not need to be verified by the zone administrator. This hierarchy ensures that unprivileged users in the global zone are prevented from traversing a non-global zone's file system.

zonecfg zonepath
Root of the zone
Devices created for the zone

See Traversing File Systems for a further discussion of this issue.

Note - You can move a zone to another location on the same system by specifying a new, full zonepath with the move subcommand of zoneadm. See Solaris 10 11/06: Moving a Non-Global Zone for instructions.


autoboot

If this property is set to true, the zone is automatically booted when the global zone is booted. Note that if the zones service, svc:/system/zones:default, is disabled, the zone will not autoboot, regardless of the setting of this property. You can enable the zones service with the svcadm command described in the svcadm(1M) man page:

global# svcadm enable zones

bootargs

This property is used to set a boot argument for the zone. The boot argument is applied unless overridden by the reboot, zoneadm boot, or zoneadm reboot commands. See Branded Zone Boot Arguments.


pool

This property is used to associate the zone with a specific resource pool on the system. Multiple zones can share the resources of one pool. Also see Specifying the dedicated-cpu Resource.


limitpriv

This property is used to specify a privilege mask other than the default. See Privileges in a Non-Global Zone.

Privileges are added by specifying the privilege name, with or without the leading priv_. Privileges are excluded by preceding the name with a dash (-) or an exclamation mark (!). The privilege values are separated by commas and placed within quotation marks (").

As described in priv_str_to_set(3C), the special privilege sets of none, all, and basic expand to their normal definitions. Because zone configuration takes place from the global zone, the special privilege set zone cannot be used. Because a common use is to alter the default privilege set by adding or removing certain privileges, the special set default maps to the default set of privileges. When default appears at the beginning of the limitpriv property, it expands to the default set.

The following entry adds the ability to set the system clock and removes the ability to send raw Internet Control Message Protocol (ICMP) packets:

global# zonecfg -z userzone
zonecfg:userzone> set limitpriv="default,sys_time,!net_icmpaccess"

If the zone's privilege set contains a disallowed privilege, is missing a required privilege, or includes an unknown privilege, an attempt to verify, ready, or boot the zone will fail with an error message.
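The limitpriv syntax rules above, applied in an added Python example that is not part of the original guide: it splits a limitpriv value into its base sets, added privileges, and removed privileges so that a configuration change can be reviewed before it is committed. The names parse_limitpriv and review are illustrative, not Solaris interfaces.

```python
SPECIAL_SETS = {"none", "all", "basic"}  # special sets named above, per priv_str_to_set(3C)

def parse_limitpriv(value):
    """Return (base_sets, added, removed) for a limitpriv property value."""
    tokens = [t.strip() for t in value.strip().strip('"').split(",") if t.strip()]
    bases, added, removed = [], set(), set()
    for pos, tok in enumerate(tokens):
        excluded = tok[0] in "-!"          # a dash or exclamation mark excludes
        name = tok[1:] if excluded else tok
        if name.startswith("priv_"):       # the leading priv_ is optional
            name = name[len("priv_"):]
        if name == "zone":
            raise ValueError("the special set 'zone' cannot be used in zonecfg")
        if not excluded and (name in SPECIAL_SETS or (name == "default" and pos == 0)):
            bases.append(name)             # default counts as a set only in first position
        elif excluded:
            removed.add(name)
        else:
            added.add(name)
    return bases, added, removed

def review(value):
    """List the privilege changes a reviewer should sign off on."""
    bases, added, removed = parse_limitpriv(value)
    base = "+".join(bases) or "an empty set"
    notes = [f"added to {base}: {p}" for p in sorted(added - {"default"})]
    notes += [f"removed: {p}" for p in sorted(removed)]
    if "default" in added:
        notes.append("'default' is not the first entry; its expansion is defined only there")
    return notes

if __name__ == "__main__":
    # The value from the userzone example above.
    print("\n".join(review('"default,sys_time,!net_icmpaccess"')))
```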


scheduling-class

This property sets the scheduling class for the zone. See Scheduling Class in a Zone for additional information and tips.


dedicated-cpu

This resource dedicates a subset of the system's processors to the zone while it is running. The dedicated-cpu resource provides limits for ncpus and, optionally, importance. For more information, see Specifying the dedicated-cpu Resource.


capped-memory

This resource groups the properties used when capping memory for the zone. The capped-memory resource provides limits for physical, swap, and locked memory. At least one of these properties must be specified.


fs

Each zone can have various file systems that are mounted when the zone transitions from the installed state to the ready state. The file system resource specifies the path to the file system mount point. For more information about the use of file systems in zones, see File Systems and Non-Global Zones.


net

The network interface resource is the virtual interface name. Each zone can have network interfaces that should be set up when the zone transitions from the installed state to the ready state.

Only shared-IP network configurations are supported in an lx branded zone.


rctl

The rctl resource is used for zone-wide resource controls. The controls are enabled when the zone transitions from the installed state to the ready state.

Note - To configure zone-wide controls using the set global_property_name subcommand of zonecfg instead of the rctl resource, see How to Configure the lx Branded Zone.


attr

This generic attribute can be used for user comments or by other subsystems. The name property of an attr must begin with an alphanumeric character. The name property can contain alphanumeric characters, hyphens (-), and periods (.). Attribute names beginning with zone. are reserved for use by the system.

Resource Type Properties in the lx Branded Zone

Resources also have properties to configure. The following properties are associated with the resource types shown.


dedicated-cpu

ncpus, importance

Specify the number of CPUs and, optionally, the relative importance of the pool. The following example specifies a CPU range for use by the zone my-zone. importance is also set.

zonecfg:my-zone> add dedicated-cpu
zonecfg:my-zone:dedicated-cpu> set ncpus=1-3
zonecfg:my-zone:dedicated-cpu> set importance=2
zonecfg:my-zone:dedicated-cpu> end


capped-cpu

ncpus

Specify the number of CPUs. The following example specifies a CPU limit of 3.5 CPUs for use by the zone lx-zone.

zonecfg:lx-zone> add capped-cpu
zonecfg:lx-zone:capped-cpu> set ncpus=3.5
zonecfg:lx-zone:capped-cpu> end

capped-memory

physical, swap, locked

This resource groups the properties used when capping memory for the zone. The following example specifies the memory limits for the zone my-zone. Each limit is optional, but at least one must be set.

zonecfg:my-zone> add capped-memory
zonecfg:my-zone:capped-memory> set physical=50m
zonecfg:my-zone:capped-memory> set swap=100m
zonecfg:my-zone:capped-memory> set locked=30m
zonecfg:my-zone:capped-memory> end

fs

dir, special, raw, type, options

The lines in the following example add read-only access to CD or DVD media in a non-global zone. The file system is loopback mounted with the options ro,nodevices (read-only and no devices) in the non-global zone.

zonecfg:lx-zone> add fs
zonecfg:lx-zone:fs> set dir=/cdrom
zonecfg:lx-zone:fs> set special=/cdrom
zonecfg:lx-zone:fs> set type=lofs
zonecfg:lx-zone:fs> add options [ro,nodevices]
zonecfg:lx-zone:fs> end

Note that section 1M man pages are available for mount options that are unique to a specific file system. The names of these man pages have the form mount_filesystem.


net

address, physical, defrouter

In the following example, an IP address is added to a zone. A bge0 card is used for the physical interface, and the default router is set.

zonecfg:lx-zone> add net
zonecfg:lx-zone:net> set address=
zonecfg:lx-zone:net> set physical=bge0
zonecfg:lx-zone:net> set defrouter=
zonecfg:lx-zone:net> end

Note - To determine which physical interface to use, type ifconfig -a on your system. Each line of the output, other than loopback driver lines, begins with the name of a card installed on your system. Lines that contain LOOPBACK in the descriptions do not apply to cards.


rctl

name, value

Available zone-wide resource controls are described in Zone-Wide Resource Controls in an lx Branded Zone.

zonecfg:lx-zone> add rctl
zonecfg:lx-zone:rctl> set name=zone.cpu-shares
zonecfg:lx-zone:rctl> add value (priv=privileged,limit=10,action=none)
zonecfg:lx-zone:rctl> end
zonecfg:lx-zone> add rctl
zonecfg:lx-zone:rctl> set name=zone.max-lwps
zonecfg:lx-zone:rctl> add value (priv=privileged,limit=100,action=deny)
zonecfg:lx-zone:rctl> end

attr

name, type, value

In the following example, a comment about a zone is added.

zonecfg:lx-zone> add attr
zonecfg:lx-zone:attr> set name=comment
zonecfg:lx-zone:attr> set type=string
zonecfg:lx-zone:attr> set value="Production zone"
zonecfg:lx-zone:attr> end

You can use the export subcommand to print a zone configuration to standard output. The configuration is saved in a form that can be used in a command file.