The following Solaris zones features and enhancements have been added to the Solaris 10 11/06 release.
The zone name is now an attribute that can be set through the zonecfg command. Only zones in the configured or installed states can be renamed.
For information about zones configuration and zone states, see:
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
zonecfg(1M) man page
zones(5) man page
Two new subcommands, move and clone, have been added to the zoneadm command. You can now do the following:
Relocate a non-global zone from one point on a system to another point on the same system
Rapidly provision a new non-global zone based on the configuration of an existing zone on the same system
For more information, see:
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
zoneadm(1M) man page
The zonecfg and zoneadm commands have been modified to enable you to migrate a non-global zone from one system to another. The procedure used detaches a halted zone from its current location, and attaches the zone at a new location. The global zone on the target system must be running the following:
The same release as the original host
The same versions of operating system packages and patches as the original host
The zone detach process creates the information necessary to attach the zone on a different system. The zone attach process verifies that the new machine has the correct configuration to host the zone. You can make the zonepath available on the new host in several ways. Therefore, the actual movement of the zonepath from one system to another is a manual process that is performed by the zone administrator.
When attached to the new system, the zone is in the installed state.
For more information, see:
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
zonecfg(1M) man page
zoneadm(1M) man page
The limitpriv property of the zonecfg command can be used to specify the set of privileges that processes are limited to in a non-global zone.
You can do the following:
Augment the default set of privileges with the understanding that such changes might allow processes in one zone to affect processes in other zones by being able to control a global resource
Create a zone with fewer privileges than the default, safe set
For more information about configuring privileges for zones and zone privilege restrictions, see:
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
zonecfg(1M) man page
Note the following:
Non-global zones are still booted with the standard set of safe privileges by default.
One set of privileges cannot be removed from the zone's privilege set, and another set of privileges cannot be included in the zone's privilege set.
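The following added example, which is not part of the Solaris documentation, classifies the tokens of a limitpriv value so that a zone widened beyond the default safe set is flagged for review. It assumes the limitpriv grammar from zonecfg(1M): comma-separated privilege names, an optional leading default token, and ! or - before a name to exclude it. The function names, zone names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Solaris documentation.
# Assumed limitpriv grammar (zonecfg(1M)): comma-separated privilege names,
# an optional leading "default" token, "!" or "-" before a name excludes it.

# Print one finding per token. The body is a subshell so that the IFS and
# globbing changes do not leak into the caller.
audit_limitpriv() (
    value=$1
    case $value in
        '')                echo "BASE default (limitpriv not set)"; exit 0 ;;
        default|default,*) echo "BASE default" ;;
        *)                 echo "BASE explicit list only" ;;
    esac
    IFS=,
    set -f
    first=yes
    for tok in $value; do
        case $tok in
            default) [ "$first" = yes ] || echo "REVIEW misplaced default" ;;
            '!'*|-*) echo "EXCLUDED ${tok#?}" ;;
            *)       echo "INCLUDED $tok" ;;
        esac
        first=no
    done
)

# Succeeds when the value names privileges to include, which is the case that
# can widen a zone beyond the default safe set and needs a human decision.
needs_review() {
    audit_limitpriv "$1" | grep '^INCLUDED ' >/dev/null
}

# Constructed sample inventory: "<zone name> <limitpriv value>".
report() {
    while read -r zone value; do
        echo "== $zone"
        audit_limitpriv "$value"
        if needs_review "$value"; then echo "-> review"; fi
    done <<'EOF'
web01 default
ntp01 default,sys_time
dmz01 default,!net_icmpaccess
EOF
}

report
```

On a live system, the value passed to audit_limitpriv would be the limitpriv property of each configured zone as recorded by zonecfg.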