The following system resource features and enhancements have been added to the Solaris 10 8/07 release.
Sun's BrandZ technology provides the framework to create non-global branded zones that contain nonnative operating environments. As a simple extension of non-global zones, branded zones offer the same isolated and secure environment, and all brand management is performed through extensions to the current zones structure.
The brand currently available is the lx brand, Solaris Containers for Linux Applications. These non-global zones provide a Linux application environment on an x86 or x64 machine running the Solaris OS.
The lx brand includes the tools necessary to install a CentOS 3.5 to 3.8 or Red Hat Enterprise Linux 3.5 to 3.8 inside a non-global zone. Machines running the Solaris OS in either 32-bit or 64-bit mode can execute 32-bit Linux applications.
For more information, see Part III, Branded Zones in the System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
Also see the following man pages:
brands(5)
lx(5)
More integrated resource management and zones features now make it easier to leverage the resource management capabilities of the system through the zonecfg command. The resource configuration you specify is automatically created for you when the zone boots. You no longer have to perform any manual steps related to setting up resource management.
The zonecfg command can be used to configure resource management settings for the global zone.
Zone-wide resource controls can be set by using the preferred global property names method. New project and zone resource controls are also available:
zone.max-locked-memory
zone.max-msg-ids
zone.max-sem-ids
zone.max-shm-ids
zone.max-shm-memory
zone.max-swap - Provides swap capping for zones through the capped-memory resource
project.max-locked-memory - Replaces project.max-device-locked-memory
Some methods have been added for setting the default scheduler in a zone, for example, a new scheduling-class property.
Resource pools have been enhanced. You can add a temporary pool that is created dynamically when a zone boots. The pool is configured through the dedicated-CPU resource.
A clear subcommand is available to clear the value for optional settings.
Enhanced physical memory capping from the global zone is available through improvements to rcapd(1M). Limits are configured through the capped-memory resource.
This capability can be used to cap physical memory for lx branded zones and for native zones. For more information, see lx Branded Zones: Solaris Containers for Linux Applications.
The resident set size (RSS) accounting has been improved. Improvements have been made to rcapd, the resource-capping daemon, and to the prstat command.
For more information, see the following:
prstat(1M) man page
rcapd(1M) man page
zonecfg(1M) man page
resource_controls(5) man page
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
IP networking can now be configured in two different ways, depending on whether the zone is assigned an exclusive IP instance or shares the IP layer configuration and state with the global zone. IP types are configured by using the zonecfg command.
The shared-IP type is the default. These zones connect to the same VLANs or same LANs as the global zone and share the IP layer. lx branded zones are configured as shared-IP zones. For more information, see lx Branded Zones: Solaris Containers for Linux Applications.
Full IP-level functionality is available in an exclusive-IP zone. If a zone must be isolated at the IP layer on the network, then the zone can have an exclusive IP. The exclusive-IP zone can be used to consolidate applications that must communicate on different subnets that are on different VLANs or different LANs.
For more information, see the following:
zonecfg(1M) man page
zones(5) man page
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
For configuration information, see Chapter 17, Non-Global Zone Configuration (Overview), in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones and Chapter 18, Planning and Configuring Non-Global Zones (Tasks), in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
For information on feature components, see Chapter 26, Solaris Zones Administration (Overview), in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones and Chapter 27, Solaris Zones Administration (Tasks), in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
Solaris Zones Boot Enhancements now support boot arguments as part of boot and reboot. The following boot arguments are supported at this time:
-m <smf_options>
-i </path/to/init/>
-s
Boot arguments can be passed in the following ways:
global# zoneadm -z myzone boot -- -m verbose
global# zoneadm -z myzone reboot -- -m verbose
myzone# reboot -- -m verbose
Boot arguments can also be persistently specified by using the new bootargs property in the zonecfg command:
zonecfg:myzone> set bootargs="-m verbose"
This setting will be applied unless overridden by the reboot, zoneadm boot or zoneadm reboot commands.
For more information on boot arguments and the bootargs property, see the following:
zoneadm(1M) man page
zonecfg(1M) man page
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
To limit the total amount of System V resources used by processes within a non-global zone, the following zone-wide resource controls are now included:
zone.max-shm-memory
zone.max-shm-ids
zone.max-msg-ids
zone.max-sem-ids
The resource controls are set through the add rctl resource property in the zonecfg command for non-global zones.
To limit the global zone's consumption, the resource controls can be set through the prctl command.
For more information, see the following:
prctl(1) man page
zonecfg(1M) man page
resource_controls(5) man page
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
The Solaris system automatically attaches a globally unique identifier to each non-global zone when the zone is installed. This identifier can be retrieved both in the global zone and in the non-global zone by use of the zoneadm list -p command. Users can utilize the zone unique identifier for asset tracking by treating the zone as an asset by itself. This identifier can also be used for identification of zones across the following actions:
Moving of zones.
Renaming zones.
All events that do not involve destruction of zone contents.
For more information, see the zoneadm(1M) man page.
Starting with this release, users can mark zones as “incomplete” using a new zoneadm feature. This new zoneadm feature enables the recording of a fatal or permanent zone failure state by administrative software that updates the zone contents.
For more information, see the zoneadm(1M) man page.
DTrace can now be used in a non-global zone when the dtrace_proc and dtrace_user privileges are assigned to the zone. DTrace providers and actions are limited in scope to the zone. With the dtrace_proc privilege, fasttrap and pid providers can be used. With the dtrace_user privilege, 'profile' and 'syscall' providers can be used.
You can add these privileges to the set of privileges available in the non-global zone by using the limitpriv property of the zonecfg command.
Configurable Privileges for Non-Global Zones provides an overview of privileges in a non-global zone.
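The zone-wide System V resource controls, the IP type, and the DTrace privileges described above all end up in a zone's configuration, so they can be reviewed together from the global zone. The following script is an added example, not code from the release notes or from Sun. It audits the text printed by zonecfg -z <zone> export. The sample export, its zone name, path and limits are constructed for illustration, and the line format it parses is an assumption about that command's output.

```shell
#!/bin/sh
# Added example: audit the text printed by `zonecfg -z <zone> export`.
# SAMPLE_EXPORT is constructed; its zone name, path and limits are made up.
SAMPLE_EXPORT='create -b
set zonepath=/zones/myzone
set autoboot=true
set limitpriv="default,dtrace_proc,dtrace_user"
set ip-type=shared
add rctl
set name=zone.max-shm-memory
add value (priv=privileged,limit=1073741824,action=deny)
end
add rctl
set name=zone.max-shm-ids
add value (priv=privileged,limit=256,action=deny)
end'

# Print each zone-wide System V control the exported config leaves unset.
# Assumption: a control appears either as an rctl ("set name=zone.max-...")
# or under its global property name ("set max-...=").
missing_sysv_rctls() {
    cfg=$(cat)
    for rc in zone.max-shm-memory zone.max-shm-ids zone.max-msg-ids zone.max-sem-ids; do
        printf '%s\n' "$cfg" | grep -Eq "^set (name=$rc\$|${rc#zone.}=)" ||
            printf '%s\n' "$rc"
    done
}

# Print the DTrace privileges granted through limitpriv, one per line.
dtrace_privs() {
    sed -n 's/^set limitpriv=//p' | tr -d '"' | tr ',' '\n' |
        grep -E '^dtrace_(proc|user)$'
}

# Print the zone's IP type; shared-IP is the default when the property is unset.
ip_type() {
    t=$(sed -n 's/^set ip-type=//p')
    printf '%s\n' "${t:-shared}"
}

# Usage in the global zone: zonecfg -z myzone export | audit_zone
audit_zone() {
    cfg=$(cat)
    echo "ip-type: $(printf '%s\n' "$cfg" | ip_type)"
    echo "dtrace privileges: $(printf '%s\n' "$cfg" | dtrace_privs | tr '\n' ' ')"
    echo "unset System V controls: $(printf '%s\n' "$cfg" | missing_sysv_rctls | tr '\n' ' ')"
}

printf '%s\n' "$SAMPLE_EXPORT" | audit_zone
```

For the constructed sample, the report flags a shared-IP zone that holds both DTrace privileges and has no limit on message queue or semaphore IDs.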
For more information about zone configuration, specifying zone privileges, and using the DTrace utility, see: