This chapter summarizes all the new features in the Solaris 10 8/07 release.
The following system administration features and enhancements have been added to the Solaris 10 8/07 release.
Enhancements have been made to the name service switch (nss) and to the Name Switch Cache Daemon (nscd(1M)) in order to deliver new functionality. These enhancements include the following:
Better caching in nscd(1M) and management of connections within the updated framework
Name service lookups that are access controlled at the naming service on a per-user basis. The updated switch framework adds support for this style of lookups using SASL/GSS/Kerberos in a manner that is compatible with the authentication model used in the Microsoft Active Directory.
A framework for the future addition of putXbyY interfaces.
For more information about per-user lookups, see System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).
The -Y option of the iostat command provides new performance information for machines that use Solaris I/O multipathing.
For more information, see the iostat(1M) man page.
Starting with this release, you can register the Solaris OS by using one of the following methods:
Basic Registration 1.1 - Use this method if you want to use Sun Connection's hosted deployment architecture or Update Manager.
Solaris Registration - Use this method if you want to use Sun Connection to maintain an inventory of systems that you have registered.
Basic Registration 1.1 is a system administration feature that was introduced in the Solaris 10 6/06 release. The Basic Registration feature enables you to create a registration profile and ID to automate your Solaris 10 software registrations for the Update Manager. The Update Manager is the single system update client that is used by Sun Connection. Sun Connection was formerly known as Sun Update Connection System Edition. The Basic Registration wizard appears on system reboot. For information on the Basic Registration 1.1 feature, see Basic Registration 1.1. For information about Sun Connection's product portfolio and how to register with the wizard, see the Sun Connection Information Hub at http://www.sun.com/bigadmin/hubs/connection/.
Solaris Registration enables you to register one or more instances of your Solaris software at the same time by providing a Sun Online Account user name and password. To register, go to https://sunconnection.sun.com.
A Sun Service Tag is a product identifier that is designed to automatically discover your Sun systems, software, and services for quick and easy registration. A service tag uniquely identifies each tagged asset, and enables the asset information to be shared over a local network in a standard XML format.
Service tags are enabled as part of the Service Management Facility (SMF) and the SMF generic_open.xml profile. If you select the SMF generic_limited_net.xml profile, service tags are not enabled.
For more information about SMF, see the System Administration Guide: Basic Administration. For more information about service tags, the types of information collected, and automatic registration, see Sun Connection on BigAdmin at http://www.sun.com/bigadmin/hubs/connection/tasks/register.jsp.
The MPxIO path steering feature includes a mechanism for issuing SCSI commands to an MPxIO LU to be delivered down a specified path to the LU. In order to provide this functionality, a new IOCTL command, MP_SEND_SCSI_CMD, is added and is referenced through the existing scsi_vhci IOCTL interface. An extension is introduced to the multipath management library (MP-API) which provides access to this new IOCTL command. This enables network administrators to run diagnostic commands through a specified path.
raidctl is a utility that can perform RAID configuration work by using multiple RAID controllers. The raidctl feature contains more detailed information about RAID components, including controller, volume and physical disks. The raidctl utility enables the user to track the RAID system more closely and reduces the effort of learning diverse RAID controllers.
For more information, see the following:
The zoneadm(1M) command is modified to call an external program that performs validation checks against a specific zoneadm operation on a branded zone. The checks are performed before the specified zoneadm subcommand is executed. The external brand-specific handler program for zoneadm(1M) is specified in the brand's configuration file, /usr/lib/brand/<brand_name>/config.xml, by using the <verify_adm> tag.
To introduce a new type of branded zone, and list brand-specific handlers for the zoneadm(1M) subcommand, add the following line to the brand's config.xml file:
<verify_adm><absolute path to external program> %z %* %*</verify_adm>
In this line, %z is the zone name, the first %* is the zoneadm subcommand, and the second %* is the subcommand's arguments.
This feature is useful when a given branded zone might not support all the zoneadm(1M) operations possible. Brand-specific handlers provide a way to gracefully fail unsupported zoneadm commands.
Ensure that the handler program that you specify recognizes all zoneadm(1M) subcommands.
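A sketch of such a handler, as an added example that is not part of the original documentation: it takes the zone name, the subcommand and the subcommand's arguments in the order the <verify_adm> line passes them, recognizes every zoneadm(1M) subcommand, and fails the unsupported ones with a clear message. The set of unsupported subcommands, the zone-name check and the convention that a nonzero exit status makes zoneadm refuse the operation are assumptions for a hypothetical brand.

```shell
#!/bin/sh
# Hypothetical <verify_adm> handler for an example brand (added illustration).
# Invoked as: handler <zonename> <subcommand> [subcommand arguments...]
# which matches the "%z %* %*" order in the brand's config.xml.

# Subcommands this hypothetical brand cannot perform (assumption).
UNSUPPORTED="clone move detach attach"

# verify_adm ZONE SUBCMD [ARGS...]
# Returns 0 to allow the operation, 1 for a subcommand the brand does not
# support, 2 for a malformed call or an unrecognized subcommand.
verify_adm() {
    if [ "$#" -lt 2 ]; then
        echo "usage: verify_adm zonename subcommand [args...]" >&2
        return 2
    fi
    zone=$1
    subcmd=$2
    shift 2

    # Conservative check (assumption): the handler runs with the caller's
    # privileges, so refuse names with characters outside a known-safe set
    # before the name is used in any message or path.
    case $zone in
        ''|*[!A-Za-z0-9_.-]*)
            echo "verify_adm: invalid zone name" >&2
            return 2
            ;;
    esac

    # Recognize every zoneadm(1M) subcommand so that nothing is silently
    # passed through or silently refused.
    case $subcmd in
        boot|halt|ready|reboot|install|uninstall|verify|list|mark|help) ;;
        clone|move|detach|attach) ;;
        *)
            echo "verify_adm: unrecognized zoneadm subcommand: $subcmd" >&2
            return 2
            ;;
    esac

    # Fail unsupported operations before zoneadm executes them.
    for u in $UNSUPPORTED; do
        if [ "$subcmd" = "$u" ]; then
            echo "verify_adm: '$subcmd' is not supported for zone $zone" >&2
            return 1
        fi
    done
    return 0
}

# When run as the handler program, pass the arguments straight through.
# With no arguments the file only defines the function.
if [ "$#" -gt 0 ]; then
    verify_adm "$@"
    exit $?
fi
```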
The fault management feature introduces error-handling and fault-management support for CPUs and memory in systems that use AMD (TM) Opteron and Athlon 64 Rev F processors. These processors are used in the “M2” products from Sun such as the Sun Fire X2200 M2 and Ultra 20 M2. Releases prior to Solaris 10 8/07 provided fault management support for Opteron and Athlon 64 revisions B through E.
Fault management support is enabled by default. The fault management service detects correctable CPU and memory errors, the resulting telemetry is analyzed by diagnosis engines, and errors and faults are corrected whenever possible. When errors cannot be corrected by the system, the extended telemetry provides greater assistance to the system administrator.
For more information see http://www.opensolaris.org/os/community/fm/.
Starting with this release, the Solaris OS includes a set of predictive self-healing features to automatically capture and diagnose hardware errors detected on your system.
The Solaris Fault Manager automatically diagnoses failures in x64 hardware. Diagnostic messages are reported by the fmd daemon.
For more information about Fault Management in Solaris, see the following:
Starting with this release, the stmsboot utility is ported to x86 systems. stmsboot is a utility that is used to enable or disable MPxIO for fibre-channel devices. This stmsboot utility already exists on SPARC systems.
Users can use this utility to enable or disable MPxIO automatically. Previously, users had to enable or disable MPxIO manually, which was difficult, especially for a SAN system boot.
For more information, see the following:
stmsboot(1M) man page
Section about Enabling or Disabling Multipathing on x86 Based Systems in Solaris Fibre Channel Storage Configuration and Multipathing Support Guide at http://docs.sun.com.
Starting with this release, concurrent READ/WRITE FPDMA QUEUED commands are supported. There is considerable performance enhancement when performing I/O operations using the Solaris marvell88sx driver under specific workload conditions. Other workloads benefit to a smaller degree. There is also significant performance enhancement under many workloads for drives that support this optional portion of the SATA specification.
Tagged queuing enables SATA disks to optimize head motion and performance.
The following installation features and enhancements have been added to the Solaris 10 8/07 release.
The NFS version 4 domain can now be defined during the installation of the Solaris OS. In releases prior to Solaris 10 8/07, the NFS domain name was defined during the first system reboot after installation.
The NFSv4 domain name feature affects installation of the OS as follows:
The sysidtool command includes an enhanced sysidnfs4 program. The sysidnfs4 program now runs during the installation process to determine whether an NFSv4 domain has been configured for the network.
During an interactive installation, the user is provided with the default NFSv4 domain name that is automatically derived from the OS. The user can accept this default. Or, the user can specify a different NFSv4 domain.
For more information, see the sysidtool(1M) and the sysidnfs4(1M) man pages.
As part of a Solaris JumpStart™ installation, a new keyword is available in the sysidcfg file. The user can now assign a value for the NFSv4 domain by using the new keyword, nfs4_domain.
For more information about this new keyword, see the sysidcfg(4) man page. This man page also provides an example of how to use the new nfs4_domain keyword.
For more information about the NFSv4 domain name configuration, see the System Administration Guide: Network Services.
Starting with this release, Solaris Live Upgrade has been changed with the following enhancements:
You can upgrade the Solaris OS when non-global zones are installed on a system by using Solaris Live Upgrade.
A new package, SUNWlucfg, must be installed with the other Solaris Live Upgrade packages SUNWlur and SUNWluu.
These three packages comprise the software needed to upgrade by using Solaris Live Upgrade. These packages include existing software, new features, and bug fixes. If you do not install these packages on your system before using Solaris Live Upgrade, upgrading to the target release fails.
For more information about upgrading when non-global zones are installed on a system, see Solaris 10 Installation Guide: Solaris Live Upgrade and Upgrade Planning.
Starting with the Solaris 10 8/07 release, you can upgrade the Solaris OS when non-global zones are installed without most of the limitations found in releases prior to Solaris 10 8/07.
The only limitation to upgrading involves a Solaris Flash archive. When you use a Solaris Flash archive to install, an archive that contains non-global zones is not properly installed on your system.
The following changes accommodate systems that have non-global zones installed:
For the Solaris interactive installation program, you can upgrade or patch a system when non-global zones are installed, with CDs and DVDs. Or you can use a network installation image for either the CDs or DVDs. Previously, you were limited to upgrading with a DVD. The time to upgrade or patch might be extensive, depending on the number of non-global zones that are installed.
For an automated JumpStart installation, you can upgrade or patch with any keyword that applies to an upgrade or patching. In releases prior to Solaris 10 8/07, only a limited number of keywords could be used. The time to upgrade or patch might be extensive, depending on the number of non-global zones that are installed.
For Solaris Live Upgrade, you can upgrade or patch a system that contains non-global zones. If you have a system that contains non-global zones, Solaris Live Upgrade is the recommended program for upgrading or adding patches. Other upgrade programs might require extensive upgrade time, because the time required to complete the upgrade increases linearly with the number of installed non-global zones. If you are patching a system with Solaris Live Upgrade, you do not have to take the system to single-user mode and you can maximize your system's uptime.
The following changes accommodate systems that have non-global zones installed:
A new package, SUNWlucfg, must be installed with the other Solaris Live Upgrade packages, SUNWlur and SUNWluu. This package is required for any system, not just a system with non-global zones installed.
These three packages contain the software needed to upgrade by using Solaris Live Upgrade. These packages include existing software, new features, and bug fixes. If you do not install these packages on your system before using Solaris Live Upgrade, upgrading to the target release fails.
Creating a new boot environment from the currently running boot environment remains the same with one exception. You can specify a destination disk slice for a shared file system within a non-global zone.
The argument to the -m option has a new optional field, zonename. The new zonename field enables creating the new boot environment and specifying zones that contain separate file systems. This argument places the zone's separate file system on a separate slice in the new boot environment.
The lumount command provides non-global zones with access to their corresponding file systems that exist on inactive boot environments. When the global zone administrator uses the lumount command to mount an inactive boot environment, the boot environment is also mounted for non-global zones.
Listing file systems with the lufslist command is enhanced to display a list of file systems for both the global zone and the non-global zones.
A Solaris system that is configured with Trusted Extensions requires extra steps to upgrade labeled zones. For information on this procedure, see Upgrading a Trusted Extensions System That is Configured with Labeled Zones under Installation Enhancements in Solaris 10 8/07 Release Notes.
Starting with this release, the sysidkdb tool configures your USB language and its corresponding keyboard layout.
With the new sysidkdb tool, the following procedure occurs:
If the keyboard is self-identifying, the keyboard language and layout automatically configures during installation.
If the keyboard is not self-identifying, the sysidkdb tool provides you with a list of supported keyboard layouts during installation, so that you can select a layout for keyboard configuration.
Previously, the USB keyboard assumed a self-identifying value of one during the installation. Therefore, all of the keyboards that were not self-identifying always configured for a U.S. English keyboard layout during installation on SPARC.
PS/2 keyboards are not self-identifying. You will have to select the keyboard layout during the installation.
JumpStart Specifications: If the keyboard is not self-identifying and you want to prevent being prompted during your JumpStart installation, select the keyboard language in your sysidkdb file. For JumpStart installation, the default is for a U.S. English keyboard layout. To select another language and its corresponding keyboard layout, set the keyboard keyword in your sysidkdb file.
For more information, see the Solaris 10 Installation Guide: Network-Based Installations.
Starting with patch 119254-42 and 119255-42, the patch installation utilities, patchadd and patchrm, have been modified to change the way that certain patches delivering features are handled. This modification affects the installation of these patches on any Solaris 10 release. These “deferred-activation” patches handle the large scope of change delivered in feature patches better.
A limited number of patches are designated as a deferred-activation patch. Typically a deferred-activation patch is a kernel patch associated with a Solaris 10 release after the Solaris 10 3/05 release, such as the Solaris 10 8/07 release. Patches are designated a deferred-activation patch if the variable SUNW_PATCH_SAFEMODE is set in the pkginfo file. Patches not designated as deferred-activation patches continue to install as before. For example, previously released patches, such as kernel patches 118833-36 (SPARC) and 118855-36 (x86), do not use the deferred-activation patching utilities to install.
Previously, complex patch scripting was required for these kernel patches. The scripting was required to avoid issues during the patch installation process on an active partition because of inconsistencies between the objects the patch delivers and the running system (active partition). Now, deferred-activation patching uses the loopback file system (lofs) to ensure the stability of the running system. When a patch is applied to the running system, the lofs preserves stability during the patching process. These large kernel patches have always required a reboot, but now the required reboot activates the changes made by the lofs. The patch README provides instructions on which patches require a reboot.
If you are running non-global zones or have lofs disabled, consider these points when installing or removing deferred-activation patches:
All non-global zones must be in a halted state for this patch operation. You must halt the non-global zone before applying the patch.
Deferred-activation patching requires the loopback file system (lofs) in order to complete safely. Systems running Sun Cluster 3.1 or Sun Cluster 3.2 are likely to have lofs turned off because of restrictions on HA-NFS functionality when lofs is enabled. Therefore, before a deferred-activation patch is installed, you must re-enable the loopback file system by performing the following steps:
Remove or comment out the following line in the /etc/system file:
exclude:lofs
Reboot the system.
Install the patch.
After you have completed the patch installation operation, restore or uncomment the same line from the /etc/system file.
Reboot the system to resume normal operations.
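The checks behind this procedure can be scripted before patchadd is run. The following pre-flight script is an added example, not part of the original documentation: it reports whether a patch is a deferred-activation patch, whether lofs is excluded in /etc/system, and which non-global zones still need to be halted. The sample file contents are constructed, and the colon-separated `zoneadm list -cp` field order and the list of states treated as halted are assumptions.

```shell
#!/bin/sh
# Pre-flight checks before installing a deferred-activation patch (added example).
# Every function takes a file path, so it can be tried on copies of system files.

# is_deferred_activation PKGINFO_FILE
# True if SUNW_PATCH_SAFEMODE is set to a non-empty value in the pkginfo file.
is_deferred_activation() {
    grep -q '^SUNW_PATCH_SAFEMODE=.' "$1"
}

# lofs_disabled SYSTEM_FILE
# True if an active "exclude:lofs" line is present. Lines that begin with "*"
# are comments in /etc/system and are ignored.
lofs_disabled() {
    grep -v '^[[:space:]]*\*' "$1" |
        grep -q '^[[:space:]]*exclude:[[:space:]]*lofs[[:space:]]*$'
}

# unhalted_zones  (reads "zoneadm list -cp" style output on stdin)
# Prints the names of non-global zones that are not halted.
# Assumptions: fields are id:name:state:path..., and a halted zone reports
# the state "configured", "incomplete" or "installed".
unhalted_zones() {
    awk -F: '$2 != "global" && $3 != "configured" &&
             $3 != "incomplete" && $3 != "installed" { print $2 }'
}

# preflight PKGINFO_FILE SYSTEM_FILE ZONE_LIST_FILE
# Returns 0 when the patch can be installed now, 1 when preparation is needed.
preflight() {
    if ! is_deferred_activation "$1"; then
        echo "not a deferred-activation patch: installs as before"
        return 0
    fi
    status=0
    if lofs_disabled "$2"; then
        echo "lofs is excluded in $2: comment out the line and reboot first"
        status=1
    fi
    zones=$(unhalted_zones < "$3")
    if [ -n "$zones" ]; then
        echo "halt these non-global zones first:" $zones
        status=1
    fi
    return $status
}

# Demonstration on constructed sample inputs (not taken from a real system).
demo() {
    d=$(mktemp -d) || return 2
    printf 'PKG=SUNWexample\nSUNW_PATCH_SAFEMODE=true\n' > "$d/pkginfo"
    printf '* constructed sample of /etc/system\nexclude:lofs\n' > "$d/system"
    printf '0:global:running:/\n1:web:running:/zones/web\n-:db:installed:/zones/db\n' > "$d/zones"
    preflight "$d/pkginfo" "$d/system" "$d/zones"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "pre-flight: preparation required before patching"
```

On a live system the three inputs would be the patch's pkginfo file, /etc/system, and the saved output of `zoneadm list -cp`.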
Sun recommends Solaris Live Upgrade to manage patching. Solaris Live Upgrade prevents the problems of patching a running system. Solaris Live Upgrade reduces the amount of downtime involved in patching and reduces risk by providing fallback capability if problems occur. See Solaris 10 Installation Guide: Solaris Live Upgrade and Upgrade Planning.
The following networking features and enhancements have been added to the Solaris 10 8/07 release.
Solaris now implements IPsec Tunnel Mode per RFC 2401. Inner-packet selectors can be specified on a per-tunnel-interface basis using the new “tunnel” keyword of ipsecconf(1M). IKE and PF_KEY handle Tunnel Mode identities for Phase 2/Quick Mode. Interoperability with other IPsec implementations is greatly increased.
For more information, see Transport and Tunnel Modes in IPsec in System Administration Guide: IP Services.
The packet filter hooks feature includes the following significant functionalities:
Improved performance in comparison with the STREAMS module approach
Capability to intercept packets between zones
The packet filter hooks feature is part of a new API that is internal to the kernel. Developers can use the API to work with IP inside the kernel or to intercept packets.
Starting with this release, routeadm(1M) is enhanced to manage SMF-based routing daemon services. Also, service conversions for the following commands are provided:
As a result, these services can be managed through standard SMF commands such as svcadm and svccfg, and utilize the restart capabilities that SMF provides.
Quagga Software Routing Suite delivers a set of IETF routing protocols for Solaris, including OSPF and BGP, allowing for high-availability deployment of Solaris through dynamic routing, manageable through SMF 'routeadm'.
Quagga is a community fork of the GNU Zebra software previously included in Solaris, providing many updates and some new features. For more information, see /etc/quagga/README.Solaris.
Starting with this release, the Solaris OS supports Dynamic Host Configuration Protocol for IPv6 (DHCPv6), as described in RFC 3315. DHCPv6 enables Solaris to acquire IPv6 addresses automatically from the local DHCP servers without manual configuration.
For more information, see the following man pages:
Starting with this release, the Solaris OS does not have two separate hosts files. /etc/inet/hosts is the single hosts file that contains both IPv4 and IPv6 entries. Solaris system administrators do not need to maintain IPv4 entries in two hosts files that are always synchronized. For backward compatibility, the /etc/inet/ipnodes file is replaced with a symbolic link of the same name to /etc/inet/hosts.
For more information, see the hosts(4) and the ipnodes(4) man pages.
Large Send Offload (LSO) is a hardware off-loading technology. LSO off-loads TCP segmentation to NIC hardware to improve network performance by reducing the workload on the CPUs. LSO is helpful for 10Gb network adoption on systems with slow CPU threads or a lack of CPU resources. This feature integrates a basic LSO framework into the Solaris TCP/IP stack, so that any LSO-capable NIC might be enabled with LSO capability.
Starting with this release, the nge driver has been updated to enable Jumbo Frame support. The nge driver's default MTU has been raised to 9 Kbytes, which improves system performance and lowers CPU utilization significantly.
For more information, see the nge(7D) man page.
For information about this feature, see NFSv4 Domain Name Configurable During Installation.
The following security features and enhancements have been added to the Solaris 10 8/07 release.
The Solaris Key Management Framework (KMF) provides tools and programming interfaces for managing public key (PKI) objects. The pktool command enables the administrator to manage PKI objects in nss, pkcs11, and file-based keystores from a single utility.
The API layer enables the developer to specify the type of keystore to be used. KMF also provides plug-in modules for these PKI technologies. These plug-in modules enable developers to write new applications to use any of the supported keystores.
KMF has a unique feature that provides a system-wide policy database that KMF applications can use regardless of the type of keystore. By using the kmfcfg command, the administrator can create policy definitions in a global database. KMF applications can then choose a policy to enforce, so that all subsequent KMF operations are constrained by the policy being enforced. Policy definitions include rules for the following:
Strategy for performing validations
Key usage and extended key usage requirements
Trust anchor definitions
OCSP parameters
CRL DB parameters (for example, location)
For more information, see the following:
pktool(1) man page
kmfcfg(1) man page
Chapter 15, Solaris Key Management Framework, in System Administration Guide: Security Services
Starting with this release, the libmd library provides implementations of the cryptographic hash algorithms MD4, MD5, SHA1, and SHA2 (which comprises SHA256, SHA384, and SHA512) through lightweight APIs. For more information about these APIs and functions offered by libmd, see the following man pages:
The Solaris Cryptographic Framework feature provides protection of signing keys in a token device. The elfsign command also displays more information about signatures and certificates.
For more information, see the elfsign(1) man page.
The Encryption Kit, SUNWcry and SUNWcryr packages, are included by default with the Solaris 10 8/07 software. Full strength crypto for the Solaris Cryptographic Framework, Kerberos, and OpenSSL is now installed by default.
The following file system features and enhancements have been added to the Solaris 10 8/07 release.
This Solaris release provides support for iSCSI target devices, which can be disk or tape devices. Releases prior to Solaris 10 8/07 provided support for iSCSI initiators. The advantage of setting up Solaris iSCSI targets is you might have existing fibre-channel devices that can be connected to clients without the cost of fibre-channel HBAs. In addition, systems with dedicated arrays can now export replicated storage with ZFS or UFS file systems.
You can use the iscsitadm command to set up and manage your iSCSI target devices. For the disk device that you select as your iSCSI target, you'll need to provide an equivalently sized ZFS or UFS file system as the backing store for the iSCSI daemon.
After the target device is set up, use the iscsiadm command to identify your iSCSI targets, which will discover and use the iSCSI target device.
iscsiadm(1M) man page
iscsitadm(1M) man page
The extended FILE space feature supports an additional mode, F, for the fopen library function. The F mode enables the opening of files beyond the 255 limit. This feature enables developers to use fopen to handle file descriptors up to the limits set by using the limit or ulimit commands.
The following system resource features and enhancements have been added to the Solaris 10 8/07 release.
Sun's BrandZ technology provides the framework to create non-global branded zones that contain nonnative operating environments. As a simple extension of non-global zones, branded zones offer the same isolated and secure environment, and all brand management is performed through extensions to the current zones structure.
The brand currently available is the lx brand, Solaris Containers for Linux Applications. These non-global zones provide a Linux application environment on an x86 or x64 machine running the Solaris OS.
The lx brand includes the tools necessary to install a CentOS 3.5 to 3.8 or Red Hat Enterprise Linux 3.5 to 3.8 inside a non-global zone. Machines running the Solaris OS in either 32-bit or 64-bit mode can execute 32-bit Linux applications.
For more information, see Part III, Branded Zones in the System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
Also see the following man pages:
brands(5)
lx(5)
More integrated resource management and zones features now make it easier to leverage the resource management capabilities of the system through the zonecfg command. The resource configuration you specify is automatically created for you when the zone boots. You no longer have to perform any manual steps related to setting up resource management.
The zonecfg command can be used to configure resource management settings for the global zone.
Zone-wide resource controls can be set by using the preferred global property names method. New project and zone resource controls are also available:
zone.max-locked-memory
zone.max-msg-ids
zone.max-sem-ids
zone.max-shm-ids
zone.max-shm-memory
zone.max-swap - Provides swap capping for zones through the capped-memory resource
project.max-locked-memory - Replaces project.max-device-locked-memory
Some methods have been added for setting the default scheduler in a zone, for example, a new scheduling-class property.
Resource pools have been enhanced. You can add a temporary pool that is created dynamically when a zone boots. The pool is configured through the dedicated-CPU resource.
A clear subcommand is available to clear the value for optional settings.
Enhanced physical memory capping from the global zone is available through improvements to rcapd(1M). Limits are configured through the capped-memory resource.
This capability can be used to cap physical memory for lx branded zones and for native zones. For more information, see lx Branded Zones: Solaris Containers for Linux Applications.
The resident set size (RSS) accounting has been improved. Improvements have been made to rcapd, the resource-capping daemon, and to the prstat command.
For more information, see the following:
prstat(1M) man page
rcapd(1M) man page
zonecfg(1M) man page
resource_controls(5) man page
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
IP networking can now be configured in two different ways, depending on whether the zone is assigned an exclusive IP instance or shares the IP layer configuration and state with the global zone. IP types are configured by using the zonecfg command.
The shared-IP type is the default. These zones connect to the same VLANs or same LANs as the global zone and share the IP layer. lx branded zones are configured as Shared-IP zones. For more information, see lx Branded Zones: Solaris Containers for Linux Applications.
Full IP-level functionality is available in an exclusive-IP zone. If a zone must be isolated at the IP layer on the network, then the zone can have an exclusive IP. The exclusive-IP zone can be used to consolidate applications that must communicate on different subnets that are on different VLANs or different LANs.
For more information, see the following:
zonecfg(1M) man page
zones(5) man page
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
For configuration information, see Chapter 17, Non-Global Zone Configuration (Overview), in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones and Chapter 18, Planning and Configuring Non-Global Zones (Tasks), in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
For information on feature components, see Chapter 26, Solaris Zones Administration (Overview), in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones and Chapter 27, Solaris Zones Administration (Tasks), in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
Solaris Zones Boot Enhancements now support boot arguments as part of boot and reboot. The following boot arguments are supported at this time:
-m <smf_options>
-i </path/to/init/>
-s
Boot arguments can be passed in the following ways:
global# zoneadm -z myzone boot -- -m verbose
global# zoneadm -z myzone reboot -- -m verbose
myzone# reboot -- -m verbose
Boot arguments can also be persistently specified by using the new bootargs property in the zonecfg command:
zonecfg:myzone> set bootargs="-m verbose"
This setting will be applied unless overridden by the reboot, zoneadm boot or zoneadm reboot commands.
For more information on boot arguments and the bootargs property, see the following:
zoneadm(1M) man page
zonecfg(1M) man page
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
To limit the total amount of System V resources used by processes within a non-global zone, the following zone-wide resource controls are now included:
zone.max-shm-memory
zone.max-shm-ids
zone.max-msg-ids
zone.max-sem-ids
The resource controls are set through the add rctl resource property in zonecfg command for non-global zones.
To limit the global zone's consumption, the resource controls can be set through the prctl command.
For more information, see the following:
prctl(1) man page
zonecfg(1M) man page
resource_controls(5) man page
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
The Solaris system automatically attaches a globally unique identifier to each non-global zone when the zone is installed. This identifier can be retrieved both in the global zone and in the non-global zone by use of the zoneadm list -p command. Users can utilize the zone unique identifier for asset tracking by treating the zone as an asset by itself. This identifier can also be used for identification of zones across the following actions:
Moving of zones.
Renaming zones.
All events that do not involve destruction of zone contents.
For more information, see the zoneadm(1M) man page.
Starting with this release, users can mark zones as “incomplete” using a new zoneadm feature. This new zoneadm feature enables the recording of a fatal or permanent zone failure state by administrative software that updates the zone contents.
For more information, see the zoneadm(1M) man page.
DTrace can now be used in a non-global zone when the dtrace_proc and dtrace_user privileges are assigned to the zone. DTrace providers and actions are limited in scope to the zone. With the dtrace_proc privilege, fasttrap and pid providers can be used. With the dtrace_user privilege, 'profile' and 'syscall' providers can be used.
You can add these privileges to the set of privileges available in the non-global zone by using the limitpriv property of the zonecfg command.
Configurable Privileges for Non-Global Zones provides an overview of privileges in a non-global zone.
For more information about zone configuration, specifying zone privileges, and using the DTrace utility, see:
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
zonecfg(1M) man page
dtrace(1M) man page
The following desktop tools features and enhancements have been added to the Solaris 10 8/07 release.
Thunderbird 2.0 is a full-featured email, RSS, and newsgroup client developed by the Mozilla community. It provides functionality equivalent to the Mozilla mail and newsgroups features.
Firefox 2.0 focuses on user interface innovations that help users in their common browsing tasks while interacting with search, bookmarks and history. Firefox 2.0 has improvements to tabbed browsing, RSS handling, managing extensions, security and performance.
Starting with this release, a new plug-in, Off-the-Record (OTR), has been added to GAIM.
OTR messaging enables users to have private conversations over GAIM and all its supported messenger services by providing the following:
Encryption
Authentication
Deniability
Perfect forward secrecy
For more information, see http://www.cypherpunks.ca/otr/.
Starting with this release, XVideo support on RealPlayer improves video playback performance greatly on x86 systems.
The following X11 windowing features and enhancements have been added to the Solaris 10 8/07 release.
CDE currently lists the cryptic locale names in the form of a cascade menu in the login screen. The dtlogin language selection overhaul feature delivers a more user-friendly language-oriented login list. CDE has a feature to remember the per display default login language name. For SunRay environments, you can use an X resource to disable displays from remembering the login language.
For more information, see the dtlogin man page.
Starting with this release, the X Window System servers include a User-land Statically Defined Tracing (USDT) DTrace provider for instrumenting X11 client connections. The X Window System servers include the following:
Xorg
Xsun
Xprt
Xnest
Xvfb
For more information about available probes and their arguments, and sample DTrace scripts using them, see http://people.freedesktop.org/~alanc/dtrace/.
The Xorg server for the X11 window system, the associated graphics, and the input device drivers, have been upgraded to the X11R7.2 release. The X11R7.2 release includes the Xorg server version 1.2. This release also adds 64-bit versions of the Xorg server for both x64 and SPARC platforms, though drivers for common SPARC graphics devices are not yet available for Xorg.
This release also includes the Xephyr nested X server and the Xorg version of Xvfb, both of which are installed in the /usr/X11/bin directory. This version of Xorg no longer supports the Low Bandwidth X (LBX) extension. The use of the X tunneling and compression features of ssh(1) is suggested for sites that need X displays across extremely bandwidth-limited network links.
The following language support features and enhancements have been added to the Solaris 10 8/07 release.
The locale data for existing European and Middle East and African (EMEA), Central and South American, and Oceania locales has been migrated to Common Locale Data Repository (CLDR) 1.3. This migration improves locale data quality and ensures consistency of locale data across code sets.
For more information about CLDR, see http://www.unicode.org/cldr.
Starting with this release, the Japanese HG font has been updated to be compliant with JISX0213:2004.
Starting with this release, the following two types of codeset conversions between the Unicode and Japanese codesets have been added:
In conversion from or to eucJP, PCK (SJIS), and ms932, iconv now supports UTF-16, UCS-2, UTF-32, UCS-4 and their fixed endian variants, such as UTF-16BE and UTF-16LE, and UTF-8.
iconv now supports the codeset name eucJP-ms to provide conversion between Japanese EUC and Unicode in the same way as Windows. All Unicode encoding variants mentioned previously are also supported with eucJP-ms.
For more information, see the iconv_ja(5) man page.
The input method switcher application, gnome-im-switcher-applet, is replaced with a stand-alone GTK+ application, iiim-panel. iiim-panel now starts and resides on the GNOME panel automatically when you log in to the Java Desktop System (Java DS) in UTF-8 or Asian locales. iiim-panel can also run in the Common Desktop Environment (CDE).
IIIMF supports language engines that emulate the EMEA keyboard layout such as French, Polish or Dutch.
For more information, see the online help of the input method preference editor (iiim-properties).
This feature provides a new command option, kbd -s language. This option enables users to configure keyboard layouts in the kernel. The Zero-CountryCode keyboard layout feature is particularly useful on SPARC systems. In prior releases, all “non-self-ID keyboards” were always recognized as US layout keyboards on SPARC systems.
For more information, see the kbd(1) man page.
The following developer tools features and enhancements have been added to the Solaris 10 8/07 release.
SunVTS™ (Sun Validation Test Suite) is a comprehensive software diagnostic package that tests and validates the Sun x86 and SPARC hardware. The SunVTS software verifies the configuration and proper functioning of controllers, devices, and platforms.
Major changes to the Solaris OS for SunVTS include:
New tests, xnetlbtest and iobustest, have been added. In releases prior to Solaris 10 8/07, both these tests were available only as part of the internal manufacturing package.
SunVTS memory tests integrated with Test Hang Mitigation (THM) library.
nettest enhancements with a new option to accept packet size.
bmcenvironment test enhancements to support LED tests.
netlbtest has been changed to accommodate crc bytes under nxge driver.
disktest enhancements
Generic tapetest with improved option settings.
iobustest enhancements which include EFI disc support, bus-related performance counters, stress SIU/NCU, higher stress level cover, PCI-E scan capability.
For more information about these features and tests, see the SunVTS 6.4 documentation at http://www.sun.com/documentation.
The following new drivers and driver enhancements have been added to the Solaris 10 8/07 release.
Starting with this release, Reliable Datagram Sockets (RDS) is a new protocol family that enables a socket to send messages to multiple destinations reliably over the InfiniBand interconnect.
RDS is delivered through a new SUNWrds package. The SUNWrds package consists of the rds and rdsib drivers for the socket and transport interface respectively.
The enhanced USB EHCI host controller driver provides isochronous transfer support for USB 2.0 or high speed isochronous devices.
For more information, see the usb_isoc_request(9S) man page.
This feature supplies logical unit number (LUN) reset support through uscsi commands. Users can issue LUN reset commands by setting uscsi_flags to USCSI_RESET_LUN.
Starting with this release, READ/WRITE FPDMA QUEUED commands are supported. There is a considerable performance enhancement when performing I/O operations using the Marvell driver under specific workload conditions. Other workloads benefit to a smaller degree. The Sun Branded Hitachi 250GB HDS7225SBSUN250G drives have considerably better performance with larger writes using this feature.
There is also significant performance enhancement under many workloads for drives that support this optional portion of the SATA specification.
The Compact Flash (CF) support feature enables you to use a CF card as an ATA disk through a CF-ATA adapter. This feature helps you start your system from a CF card and store your data on a CF card easily.
For more information about Compact Flash support, see the ata(7D) man page.
Starting with this release, the usbsacm driver supports USB modems that conform to the Universal Serial Bus Communication Device Class Abstract Control Model (USB CDC ACM) specification. Customers can use the usbsacm driver with their mobile phones, PCMCIA cards, or any modem-like devices. The usbsacm driver outputs term nodes under /dev/term/. Customers can then use pppd(1M) to transmit datagrams over these serial ports.
The CardBus support feature adds 32-bit PC Card support in Solaris. Both 16-bit and 32-bit PC Cards are now recognized by Solaris. For more information, see the pcic(7D) and cardbus(4) man pages.
Starting with this release, the Solaris OS supports the IBM LTO-4 tape drive.
Starting with this release, the Solaris OS supports the HP LTO-4 tape drive.
Starting with this release, the accelerated graphics drivers for Xorg and OpenGL for NVIDIA Quadro and GeForce cards are included. The nvidia-settings and nvidia-xconfig configuration tools for these drivers are also provided.
Starting with this release, there is a user-programmable watchdog timer on sun4v platforms that supports backward compatibility. The user can manipulate the Application Watchdog Timer through IOCTLs provided by the backward compatible ntwdt pseudo driver.
The minimal ACPI thermal zone monitor pseudo driver for the Solaris OS handles thermal zone events from the ACPI. Thermal zone events are primarily critical temperature events. If the BIOS in a given system implements specific ACPI methods, this pseudo driver handles the thermal zone events.
The updated aac driver supports the new generation, rocket chip-based Adaptec Hardware RAID adapter. The aac driver also supports the Adaptec Storage Management Utility (ASM), which configures and monitors the controller and attached hard drives.
For more information, see the Adaptec web site at http://www.adaptec.com/en-US/products/adps/.
The audioixp driver is the Solaris audio driver for the ATI IXP400 Southbridge chipset from ATI Corporation. The ATI IXP400 chipset includes an embedded AC97 audio controller. This chipset is widely adopted by many motherboard vendors, for example, the Ferrari4000 model. The audioixp driver follows the Solaris Audio Driver Architecture (SADA) frame.
The high-definition audio driver, audiohd(7D), is enhanced to support more audio CODECs and provide basic audio playback and recording functionality. The supported high-definition audio CODECs include the following:
Realtek ALC260/262/880/882/883/885/888
IDT/Sigmatel STAC9200(D)
Analog Devices AD1986/1988
AHCI is a SATA HBA hot-plug capable driver for SATA controllers that are compatible with the AHCI specification. The AHCI driver supports the INTEL ICH6 and VIA vt8251 controllers; however, other AHCI compliant controllers might also work.
For more information, see the ahci(7D) man page.
The following system performance features and enhancements have been added to the Solaris 10 8/07 release.
UltraSPARC T2 systems PCI Express Interface Units (PIU) have built-in performance counters which can be dumped by using busstat. The output of the busstat -l command shows the following devices for such systems:
imu#
mmu#
peu#
bterr#
where # is an instance number.
The use of this built-in performance counter is intended mainly for Sun field service personnel.
Hashed Cache Index mode is a new hardware feature available in UltraSPARC T2 processors. The hardware uses many more address bits to compute an L2 cache index. As a result, there are more page colors for large pages.
To achieve optimum performance, the Solaris kernel must maximize the number of page colors used by all the threads sharing a cache. The Solaris virtual memory subsystem has been extended to support this new hardware feature. Correct color calculation improves the performance and throughput consistency of application programs on UltraSPARC T2 systems.
The multi-level Chip Multi-Threaded (CMT) scheduling optimizations feature provides the Solaris kernel with a platform independent mechanism. This mechanism enables discovering and optimizing various performance relevant hardware-sharing relationships existing between CPUs on current and emerging CMT processor architectures, including Niagara II.
This feature also enhances the kernel's thread scheduler or dispatcher with a multilevel CMT load-balancing policy that benefits system performance on various multithreaded, multicore, and multisocket processor-based systems.
For more information on this feature, see the OpenSolaris performance community website, http://www.opensolaris.org/os/community/performance.
The process count scalability feature improves the process count scalability of the Solaris OS. Currently, all UltraSPARC systems support a maximum of 8192 contexts. When the number of processes exceeds 8192, then the kernel steals contexts to keep the processes running. Stealing a context from a process involves the following tasks:
Cross-calling all CPUs that the process ran on
Invalidating the context for CPUs that are running threads of the process
Flushing the context from the TLBs of all CPUs that are running threads of the process
This procedure is very expensive and gets worse as the number of processes rises beyond 8K. The process count scalability feature completely redesigns context management. The contexts are managed on a per-MMU basis rather than a global basis, which enables efficient TLB flushing and greatly improves the scalability of context management.
The process count scalability feature also improves throughput on workloads that consist of more than 8K active processes, or create and destroy processes at a high rate, and is most beneficial on systems with many CPUs.
The multiple page size support (MPSS) for shared memory feature adds large page support for mapping shared memory and provides an out-of-box (OOB) policy for the use of large pages for shared memory. The MPSS support is for shared memory created by the mmap(1) of /dev/zero or with the MAP_ANON flag, and for System V shared memory. This feature also adds support for memcntl(2) changing the page size of these shared memory segments.
MPSS support is also extended for the use of large pages for memory created by the mmap(1), mmap(MAP_PRIVATE) of /dev/zero.
The following device management features and enhancements have been added to the Solaris 10 8/07 release.
Starting with this release, there is a new reservation mechanism in the st driver. The new mechanism enables the st driver to reserve the tape drive only when a command that requires reservations is sent. The reservation mechanism also enables the st driver to process inquiry commands issued from other hosts while the drive is reserved by a different host.
Some Independent Software Vendor (ISV) backup software and media management tools benefit from the enhanced st SCSI reservations feature. Because of this new feature, management tools can inquire and browse tape libraries while the backup tool is reading or writing tapes.
This feature introduces two new power.conf keywords to permit CPU devices to be power managed independently of automatic power management. These are the new power.conf keywords:
cpupm
Usage:
cpupm <behavior>
Here, the behavior is enable or disable.
For backward compatibility, if the cpupm keyword is not present in the /etc/power.conf file, the CPUs are power managed if autopm is enabled, and not power managed if autopm is disabled. The enable and disable settings are independent of the autopm setting.
cpu-threshold
Usage:
cpu-threshold <threshold>
This keyword enables the user to specify a threshold which will apply to any power-manageable CPU, independent of the system-threshold value.
If CPU power management is enabled, the power level of any CPU that is idle for the specified threshold time is reduced to the next lower level.
If cpu-threshold is absent, the system-threshold value is used.
For more information, see the power.conf(4) man page.
The following console subsystem enhancement has been added to the Solaris 10 8/07 release.
The coherent console feature implements a part of the kernel console subsystem to facilitate rendering console output. The coherent console uses the Solaris kernel mechanisms to render console output rather than Programmable Read-Only Memory (PROM) interfaces. This reduces the console rendering dependence on OpenBoot PROM (OBP).
The coherent console uses a kernel-resident framebuffer driver to generate console output. The generated console output is more efficient than using OBP rendering. The coherent console also avoids idling CPUs during SPARC console output and enhances the user experience.
For example, the coherent console increases the SPARC console text throughput and scrolling rate and provides ANSI color.