Oracle Solaris Trusted Extensions Configuration Guide

ProcedureCustomize a Booted Zone in Trusted Extensions

If you are going to clone zones, this procedure configures a zone to be a template for other zones. In addition, this procedure configures the zone for use.

  1. Ensure that the zone has been completely started.

    1. In the zone-name: Zone Terminal Console, log in as root.

      hostname console login: root
      Password: Type root password
    2. Check that the zone is running.

      The status running indicates that at least one process is running in the zone.

      # zoneadm list -v
      ID NAME        STATUS         PATH
       2 public      running        /
    3. Check that the zone can communicate with the global zone.

      The X server runs in the global zone. Each labeled zone must be able to connect with the global zone to use this service. Therefore, zone networking must work before the zone can be used. For assistance, see Labeled Zone Is Unable to Access the X Server.

  2. In the Zone Terminal Console, disable services that are unnecessary in a labeled zone.

    If you are copying or cloning this zone, the services that you disable are disabled in the new zones. The services that are online on your system depend on the service manifest for the zone. Use the netservices limited command to turn off services that labeled zones do not need.

    1. Remove many unnecessary services.

      # netservices limited
    2. List the remaining services.

      # svcs
      STATE        STIME      FMRI
      online       13:05:00   svc:/application/graphical-login/cde-login:default
    3. Disable graphical login.

      # svcadm disable svc:/application/graphical-login/cde-login
      # svcs cde-login
      STATE        STIME      FMRI
      disabled     13:06:22   svc:/application/graphical-login/cde-login:default

    For information about the service management framework, see the smf(5) man page.

  3. Shut down the zone.

    Choose one of the following ways:

    • Run the Shut Down Zone action.

      Provide the name of the zone.

    • In a terminal window in the global zone, use the zlogin command.

      # zlogin zone-name init 0

      For more information, see the zlogin(1) man page.

  4. Verify that the zone is shut down.

    In the zone-name: Zone Terminal Console, the following message indicates that the zone is shut down:

    [ NOTICE: Zone halted]

    If you are not copying or cloning this zone, create the remaining zones in the way that you created this first zone.

  5. If you are using this zone as a template for other zones, do the following:

    1. Remove the auto_home_zone-name file.

      In a terminal window in the global zone, remove this file from the zone-name zone.

      cd /zone/zone-name/root/etc
      # ls auto_home*
      auto_home  auto_home_zone-name
      # rm auto_home_zone-name

      For example, if the public zone were the basis for cloning other zones, remove its auto_home file:

      # cd /zone/public/root/etc
      # rm auto_home_public
Next Steps