Planning for Zones in Trusted Extensions
Trusted Extensions software is added to the Solaris OS in the global zone. You then configure non-global zones that are labeled. You can create one labeled zone for every unique label, though you do not need to create a zone for every label.
Part of zone configuration is configuring the network. Labeled zones must be configured to communicate with the global zone and with other zones on the network.
-
The X server that runs the desktop display is available only from the global zone. In the Solaris OS, the loopback interface, lo0, can be used to communicate with the global zone. Therefore, the desktop display is available to non-global zones over lo0.
-
By default, non-global zones use the global zone to reach the network. In the Solaris OS, each non-global zone can be configured with a unique default route that does not use the global zone.
Trusted Extensions Zones and Solaris Zones
Labeled zones differ from typical Solaris zones. Labeled zones are primarily used to segregate data. In Trusted Extensions, regular users cannot remotely log in to a labeled zone. The only interactive interface to a labeled zone is by using the zone console. Only root can gain access to the zone console.
Zone Creation in Trusted Extensions
To create a labeled zone involves copying the entire Solaris OS, and then starting the services for the Solaris OS in every zone. The process can be time-consuming. A faster process is to create one zone, then to clone the contents of that zone. The following table describes your options for zone creation in Trusted Extensions.
- © 2010, Oracle Corporation and/or its affiliates