The branded zone (BrandZ) framework extends the Solaris Zones infrastructure, documented in this manual in Part II, Zones, to include the creation of brands. The term brand can refer to a wide range of operating environments. BrandZ enables the creation of non-global zones that contain non-native operating environments used for running applications. The brand type is used to determine the scripts that are executed when a zone is installed and booted. In addition, a zone's brand is used to properly identify the correct application type at application launch time. All brand management is performed through extensions to the current zones structure.
A brand can provide a simple or a complex environment. For example, a simple environment could replace the standard Solaris utilities with their GNU equivalents. A complex environment could provide a complete Linux user space which supports the execution of Linux applications.
Every zone is configured with an associated brand. The default is the native brand, Solaris. A branded zone will support exactly one brand of non-native binary, which means that a branded zone provides a single operating environment.
BrandZ extends the zones tools in the following ways:
The zonecfg command is used to set a zone's brand type when the zone is configured.
The zoneadm command is used to report a zone's brand type as well as administer the zone.
You can change the brand of a zone in the configured state. Once a branded zone has been installed, that brand cannot be changed or removed.
Branded zones provide a set of interposition points in the kernel that are only applied to processes executing in a branded zone.
These points are found in such paths as the syscall path, the process loading path, and the thread creation path.
At each of these points, a brand can choose to supplement or replace the standard Solaris behavior.
A brand can also provide a plug-in library for librtld_db. The plug-in library allows Solaris tools such as the debugger, described in mdb(1), and DTrace, described in dtrace(1M), to access the symbol information of processes running inside a branded zone.
The devices supported by each zone are documented in the man pages and other documentation for that brand. Device support is defined by the brand. A brand can choose to disallow the addition of any unsupported or unrecognized devices.
The file systems required for a branded zone are defined by the brand.
The privileges available in a branded zone are defined by the brand. For more information about privileges, see Privileges in a Non-Global Zone and Configurable Privileges in an lx Branded Zone.