ZFS volumes cannot be added to a non-global zone by using the zonecfg command's add dataset subcommand. If an attempt to add a ZFS volume is detected, the zone cannot boot. However, volumes can be added to a zone by using the zonecfg command's add device subcommand.
In the following example, a ZFS volume is added to a non-global zone by a global administrator in the global zone:
# zonecfg -z zion zion: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:zion> create zonecfg:zion> add device zonecfg:zion:device> set match=/dev/zvol/dsk/tank/vol zonecfg:zion:device> end
This syntax adds the tank/vol volume to the zone. Note that adding a raw volume to a zone has implicit security risks, even if the volume doesn't correspond to a physical device. In particular, the zone administrator could create malformed file systems that would panic the system when a mount is attempted. For more information about adding devices to zones and the related security risks, see Understanding the zoned Property.
For more information about adding devices to zones, see Part II, Zones, in System Administration Guide: Virtualization Using the Solaris Operating System.