System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones

Zone Construction

This section applies to initial zone construction, and not to the cloning of existing zones.

After you have configured a non-global zone, you should verify that the zone can be installed safely on your system's configuration. You can then install the zone. The files needed for the zone's root file system are installed by the system under the zone's root path.

A non-global zone is installed with the open networking configuration (generic_open.xml). Network configuration types are described in Chapter 19, Managing Services (Tasks), in System Administration Guide: Basic Administration. The zone administrator can switch the zone to the limited networking configuration (generic_limited_net.xml) by using the netservices command. Specific services can be enabled or disabled by using SMF commands.

A successfully installed zone is ready for initial login and booting.

The method used to initially install packages in a Solaris installation is also the method used to populate a non-global zone.

The global zone must contain all the data necessary to populate a non-global zone. Populating a zone includes creating directories, copying files, and providing configuration information.

Only the information or data that was created in the global zone from packages is used to populate the zone from the global zone. For more information, see the pkgparam(1) and pkginfo(4) man pages.

Data from the following are not referenced or copied when a zone is installed:

In addition, the following types of information, if present in the global zone, are not copied into a zone that is being installed:

If Solaris auditing is used, modifications to auditing files copied from the global zone might be required. For more information, see Using Solaris Auditing in Zones.

The following features cannot be configured in a non-global zone:

The resources specified in the configuration file are added when the zone transitions from installed to ready. A unique zone ID is assigned by the system. File systems are mounted, network interfaces are set up, and devices are configured. Transitioning into the ready state prepares the virtual platform to begin running user processes. In the ready state, the zsched and zoneadmd processes are started to manage the virtual platform.

A zone in the ready state does not have any user processes executing in it. The primary difference between a ready zone and a running zone is that at least one process is executing in a running zone. See the init(1M) man page for more information.