Solaris 10 What's New

System Resources Enhancements

The following system resource features and enhancements have been added to the Solaris 10 8/07 release.

lx Branded Zones: Solaris Containers for Linux Applications

Sun's BrandZ technology provides the framework to create non-global branded zones that contain nonnative operating environments. As a simple extension of non-global zones, branded zones offer the same isolated and secure environment, and all brand management is performed through extensions to the current zones structure.

The brand currently available is the lx brand, Solaris Containers for Linux Applications. These non-global zones provide a Linux application environment on an x86 or x64 machine running the Solaris OS.

The lx brand includes the tools necessary to install CentOS 3.5 to 3.8 or Red Hat Enterprise Linux 3.5 to 3.8 inside a non-global zone. Machines running the Solaris OS in either 32-bit or 64-bit mode can execute 32-bit Linux applications.

For more information, see Part III, Branded Zones in the System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

Also see the following man pages:

Improved zonecfg Procedures for Creating Containers

More integrated resource management and zones features now make it easier to leverage the resource management capabilities of the system through the zonecfg command. The resource configuration you specify is automatically created for you when the zone boots. You no longer have to perform any manual steps related to setting up resource management.

For more information, see the following:

IP Instances: LAN and VLAN Separation for Non-Global Zones

IP networking can now be configured in two different ways, depending on whether the zone is assigned an exclusive IP instance or shares the IP layer configuration and state with the global zone. IP types are configured by using the zonecfg command.

The shared-IP type is the default. These zones connect to the same VLANs or same LANs as the global zone and share the IP layer. lx branded zones are configured as shared-IP zones. For more information, see lx Branded Zones: Solaris Containers for Linux Applications.

Full IP-level functionality is available in an exclusive-IP zone. If a zone must be isolated at the IP layer on the network, then the zone can have an exclusive IP. The exclusive-IP zone can be used to consolidate applications that must communicate on different subnets that are on different VLANs or different LANs.

For more information, see the following:

Solaris Zones Boot Enhancements

Solaris Zones now support boot arguments as part of boot and reboot. The following boot arguments are supported at this time:

Boot arguments can be passed in the following ways:

Boot arguments can also be persistently specified by using the new bootargs property in the zonecfg command:

zonecfg:myzone> set bootargs="-m verbose"

This setting will be applied unless overridden by the reboot, zoneadm boot or zoneadm reboot commands.

For more information on boot arguments and the bootargs property, see the following:

System V Resource Controls for Zones

To limit the total amount of System V resources used by processes within a non-global zone, the following zone-wide resource controls are now included:

For non-global zones, the resource controls are set through the add rctl resource property in the zonecfg command.

To limit the global zone's consumption, the resource controls can be set through the prctl command.

For more information, see the following:

Zone Unique Identifier

The Solaris system automatically attaches a globally unique identifier to each non-global zone when the zone is installed. This identifier can be retrieved both in the global zone and in the non-global zone by use of the zoneadm list -p command. Users can utilize the zone unique identifier for asset tracking by treating the zone as an asset by itself. This identifier can also be used for identification of zones across the following actions:

For more information, see the zoneadm(1M) man page.

Ability to Mark Zones as “Incomplete”

Starting with this release, users can mark zones as “incomplete” using a new zoneadm feature. This new zoneadm feature enables the recording of a fatal or permanent zone failure state by administrative software that updates the zone contents.

For more information, see the zoneadm(1M) man page.

Using DTrace in a Non-Global Zone

DTrace can now be used in a non-global zone when the dtrace_proc and dtrace_user privileges are assigned to the zone. DTrace providers and actions are limited in scope to the zone. With the dtrace_proc privilege, the fasttrap and pid providers can be used. With the dtrace_user privilege, the profile and syscall providers can be used.

You can add these privileges to the set of privileges available in the non-global zone by using the limitpriv property of the zonecfg command.

Configurable Privileges for Non-Global Zones provides an overview of privileges in a non-global zone.
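The following audit helper is an added example, not code from the Solaris documentation. It reads `zonecfg -z <zone> export` output and reports the IP type, the DTrace providers that limitpriv makes usable, and any persistent bootargs, as described in the IP Instances, Boot Enhancements and DTrace sections above. The function names and the sample input are constructed, and the script assumes a POSIX shell and that export emits global properties as `set name=value` lines.

```shell
#!/bin/sh
# Added example: summarise the zone settings described on this page from
# `zonecfg -z <zone> export` output read on stdin. Function names are hypothetical.

audit_zone_export() {
    ip_type=shared       # the shared-IP type is the default
    limitpriv=default    # assumption: no limitpriv line means the default set
    bootargs=
    while IFS= read -r line; do
        case $line in
            "set ip-type="*)   ip_type=${line#*=} ;;
            "set limitpriv="*) limitpriv=${line#*=} ;;
            "set bootargs="*)  bootargs=${line#*=} ;;
        esac
    done
    # export may wrap values in double quotes; strip one pair if present
    limitpriv=${limitpriv#\"}; limitpriv=${limitpriv%\"}
    bootargs=${bootargs#\"};   bootargs=${bootargs%\"}

    # Map each DTrace privilege to the providers it makes usable in the zone
    providers=
    case ",$limitpriv," in *,dtrace_proc,*) providers=fasttrap,pid ;; esac
    case ",$limitpriv," in
        *,dtrace_user,*) providers=${providers:+$providers,}profile,syscall ;;
    esac

    printf 'ip-type=%s dtrace-providers=%s bootargs=%s\n' \
        "$ip_type" "${providers:-none}" "${bootargs:-none}"
}

# Constructed sample input (zone path and NIC name are made up)
sample_export() {
    cat <<'EOF'
create -b
set zonepath=/zones/myzone
set autoboot=true
set limitpriv="default,dtrace_proc,dtrace_user"
set ip-type=exclusive
set bootargs="-m verbose"
add net
set physical=bge1
end
EOF
}

sample_export | audit_zone_export
```

On a live system, pipe `zonecfg -z myzone export` from the global zone into `audit_zone_export` instead of the sample.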

For more information about zone configuration, specifying zone privileges, and using the DTrace utility, see: