Oracle Solaris Trusted Extensions Configuration Guide

ProcedureVerify the Status of the Zone


Note –

The X server runs in the global zone. Each labeled zone must be able to connect with the global zone to use the X server. Therefore, zone networking must work before a zone can be used. For background information, see Planning for Multilevel Access.


  1. Verify that the zone has been completely started.

    1. In the zone-name: Zone Terminal Console, log in as root.


      hostname console login: root
      Password: Type root password
      
    2. In the Zone Terminal Console, verify that critical services are running.


      # svcs -xv
      svc:/application/print/server:default (LP print server)
       State: disabled since Tue Oct 10 10:10:10 2006
      Reason: Disabled by an administrator.
         See: http://sun.com/msg/SMF-8000-05
         See: lpsched(1M)
      ...

      The sendmail and print services are not critical services.

    3. Verify that the zone has a valid IP address.


      # ifconfig -a
      

      For example, the following output shows an IP address for the hme0 interface.


      # ...
       hme0: flags=1000843<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
               all-zones
               inet 192.168.0.11 netmask fffffe00 broadcast 192.168.0.255
    4. (Optional) Verify that the zone can communicate with the global zone.

      1. Set the DISPLAY variable to point to the X server


        # DISPLAY=global-zone-hostname:n.n
        # export DISPLAY
      2. From the terminal window, display a GUI.

        For example, display a clock.


        # /usr/openwin/bin/xclock
        

        If the clock at the label of the zone does not appear, the zone networking has not been configured correctly. For debugging suggestions, see Labeled Zone Is Unable to Access the X Server.

      3. Close the GUI before continuing.

  2. From the global zone, check the status of the labeled zones.


    # zoneadm list -v
    ID NAME         STATUS         PATH                BRAND   IP
     0 global       running        /                   native  shared
     3 internal     running        /zone/internal      native  shared
     4 needtoknow   running        /zone/needtoknow    native  shared
     5 restricted   running        /zone/restricted    native  shared
Next Steps

You have completed configuring the labeled zone. To add zone-specific network interfaces to the zones or to establish default routing per labeled zone, continue with Adding Network Interfaces and Routing to Labeled Zones. Otherwise, continue with Creating Roles and Users in Trusted Extensions.