Oracle Solaris Trusted Extensions Configuration Guide

Procedure: Customize the Labeled Zone

If you plan to clone or copy zones, this procedure configures a zone to be a template for other zones. This procedure also prepares a zone that was not created from a template for use.

Before You Begin

You are superuser in the global zone. You have completed Verify the Status of the Zone.

  1. In the Zone Terminal Console, disable services that are unnecessary in a labeled zone.

    If you are copying or cloning this zone, the services that you disable are disabled in the new zones. The services that are online on your system depend on the service manifest for the zone. Use the netservices limited command to turn off services that labeled zones do not need.

    1. Remove many unnecessary services.


      # netservices limited
      
    2. List the remaining services.


      # svcs
      ...
      STATE        STIME      FMRI
      online       13:05:00   svc:/application/graphical-login/cde-login:default
      ...
    3. Disable graphical login.


      # svcadm disable svc:/application/graphical-login/cde-login
      # svcs cde-login
      STATE        STIME      FMRI
      disabled     13:06:22   svc:/application/graphical-login/cde-login:default

    For information about the service management framework, see the smf(5) man page.

  2. In the Labeled Zone Manager, select Halt to halt the zone.

  3. Before continuing, verify that the zone is shut down.

    In the zone-name: Zone Terminal Console, the following message indicates that the zone is shut down.


    [ NOTICE: Zone halted]

    If you are not copying or cloning this zone, create the remaining zones in the way that you created this first zone. Otherwise, continue with the next step.

  4. If you are using this zone as a template for other zones, do the following:

    1. Remove the auto_home_zone-name file.

      In a terminal window in the global zone, remove this file from the zone-name zone.


      # cd /zone/zone-name/root/etc
      # ls auto_home*
      auto_home  auto_home_zone-name
      # rm auto_home_zone-name
      

      For example, if the public zone is the template for cloning other zones, remove the auto_home_public file:


      # cd /zone/public/root/etc
      # rm auto_home_public
      
    2. If you plan to clone this zone, create the ZFS snapshot in the next step, then continue with Copy or Clone a Zone in Trusted Extensions.

    3. If you plan to copy this zone, complete Step 6, then continue with Copy or Clone a Zone in Trusted Extensions.

  5. To create a zone template for cloning the remaining zones, select Create Snapshot and click OK.


    Caution –

    The zone for the snapshot must be in a ZFS file system. You created a ZFS file system for the zone in Create ZFS Pool for Cloning Zones.


  6. To verify that the customized zone is still usable, select Boot from the Labeled Zone Manager.

    The Zone Terminal Console tracks the progress of booting the zone. Messages that are similar to the following appear in the console:


    [Connected to zone 'public' console]
    
    [NOTICE: Zone booting up]
    ...
    Hostname: zonename
    

    Press the Return key for a login prompt. You can log in as root.
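
Because every copy or clone inherits whatever the template still has enabled, the following added example (not part of the Oracle guide) checks the two things this procedure changes before the snapshot in Step 5: that the named services are no longer online, and that no auto_home_zone-name map remains. The function names, the substring-matching approach, and the sample `svcs` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: readiness check for a labeled zone that will become a template.

# Constructed sample of `svcs` output from inside the zone (not from a real system).
SAMPLE_SVCS='STATE        STIME      FMRI
online       13:05:00   svc:/application/graphical-login/cde-login:default
online       13:05:02   svc:/system/cron:default'

# Read `svcs` output on stdin; print FMRIs that are online and contain any
# of the substrings passed as arguments.
online_unwanted() {
    awk -v pats="$*" '
        BEGIN { n = split(pats, p, " ") }
        $1 == "online" {
            for (i = 1; i <= n; i++)
                if (index($3, p[i])) { print $3; break }
        }'
}

# Print per-zone automount maps (auto_home_<zone-name>) still present in the
# zone etc directory $1. The shared auto_home map is not matched by the glob.
leftover_auto_home() {
    for f in "$1"/auto_home_*; do
        [ -e "$f" ] && basename "$f"
    done
    return 0
}

# $1 = file with svcs output, $2 = zone etc directory, rest = substrings.
# Returns 0 only when nothing unwanted is online and no per-zone map remains.
template_ready() {
    svcs_file=$1; etc_dir=$2; shift 2
    bad=$(online_unwanted "$@" < "$svcs_file")
    maps=$(leftover_auto_home "$etc_dir")
    [ -n "$bad" ] && echo "still online: $bad" >&2
    [ -n "$maps" ] && echo "remove before snapshot: $maps" >&2
    [ -z "$bad" ] && [ -z "$maps" ]
}

# Demo on the constructed sample: reports cde-login as still online.
printf '%s\n' "$SAMPLE_SVCS" | online_unwanted graphical-login
```

On a real system, give `template_ready` a file that holds the zone's `svcs` output and the zone's etc directory as seen from the global zone, /zone/zone-name/root/etc.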