Installing and Administering Solaris Container Manager 3.6

Global Zones

Every Solaris 10 system contains a general global environment, like previous versions of the OS, called a global zone. The global zone has two functions: it is the default zone for the system and the zone used for system-wide administrative control. All processes run in the global zone if no non-global zones, referred to simply as zones, are created by the global administrator.

The global zone is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled. Only the global zone is bootable from the system hardware. Administrative functions, such as physical devices, routing, or dynamic reconfiguration (DR) are only possible in the global zone. Appropriately privileged processes or users that run in the global zone can access objects associated with other zones.

Unprivileged processes or users in the global zone might be able to perform operations not allowed to privileged processes or users in a non-global zone. For example, users in the global zone can view information about every process in the system. Zones allow the administrator to delegate some administrative functions while maintaining overall system security.