JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Oracle Solaris Zones, Oracle Solaris 10 Containers, and Resource Management     Oracle Solaris 11 Express 11/10
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

Part I Oracle Solaris Resource Management

1.  Introduction to Resource Management

2.  Projects and Tasks (Overview)

3.  Administering Projects and Tasks

4.  Extended Accounting (Overview)

5.  Administering Extended Accounting (Tasks)

6.  Resource Controls (Overview)

7.  Administering Resource Controls (Tasks)

8.  Fair Share Scheduler (Overview)

9.  Administering the Fair Share Scheduler (Tasks)

10.  Physical Memory Control Using the Resource Capping Daemon (Overview)

11.  Administering the Resource Capping Daemon (Tasks)

12.  Resource Pools (Overview)

13.  Creating and Administering Resource Pools (Tasks)

14.  Resource Management Configuration Example

Part II Oracle Solaris Zones

15.  Introduction to Oracle Solaris Zones

16.  Non-Global Zone Configuration (Overview)

17.  Planning and Configuring Non-Global Zones (Tasks)

18.  About Installing, Halting, Uninstalling, and Cloning Non-Global Zones (Overview)

19.  Installing, Booting, Halting, Uninstalling, and Cloning Non-Global Zones (Tasks)

20.  Non-Global Zone Login (Overview)

21.  Logging In to Non-Global Zones (Tasks)

22.  Moving and Migrating Non-Global Zones (Tasks)

23.  About Packages on an Oracle Solaris 11 Express System With Zones Installed

24.  Oracle Solaris Zones Administration (Overview)

Global Zone Visibility and Access

Process ID Visibility in Zones

System Observability in Zones

Reporting Active Zone Statistics with the zonestat Utility

Non-Global Zone Node Name

File Systems and Non-Global Zones

The -o nosuid Option

Mounting File Systems in Zones

Unmounting File Systems in Zones

Security Restrictions and File System Behavior

Non-Global Zones as NFS Clients

Use of mknod Prohibited in a Zone

Traversing File Systems

Restriction on Accessing A Non-Global Zone From the Global Zone

Networking in Shared-IP Non-Global Zones

Shared-IP Zone Partitioning

Shared-IP Network Interfaces

IP Traffic Between Shared-IP Zones on the Same Machine

Oracle Solaris IP Filter in Shared-IP Zones

IP Network Multipathing in Shared-IP Zones

Networking in Exclusive-IP Non-Global Zones

Exclusive-IP Zone Partitioning

Exclusive-IP Data-Link Interfaces

IP Traffic Between Exclusive-IP Zones on the Same Machine

Oracle Solaris IP Filter in Exclusive-IP Zones

IP Network Multipathing in Exclusive-IP Zones

Device Use in Non-Global Zones

/dev and the /devices Namespace

Exclusive-Use Devices

Device Driver Administration

Utilities That Do Not Work or Are Modified in Non-Global Zones

Utilities That Do Not Work in Non-Global Zones

SPARC: Utility Modified for Use in a Non-Global Zone

Running Applications in Non-Global Zones

Resource Controls Used in Non-Global Zones

Fair Share Scheduler on a System With Zones Installed

FSS Share Division in a Global or Non-Global Zone

Share Balance Between Zones

Extended Accounting on a System With Zones Installed

Privileges in a Non-Global Zone

Using IP Security Architecture in Zones

IP Security Architecture in Shared-IP Zones

IP Security Architecture in Exclusive-IP Zones

Using Oracle Solaris Auditing in Zones

Core Files in Zones

Running DTrace in a Non-Global Zone

About Backing Up an Oracle Solaris System With Zones Installed

Backing Up Loopback File System Directories

Backing Up Your System From the Global Zone

Backing Up Individual Non-Global Zones on Your System

Creating Oracle Solaris ZFS Backups

Determining What to Back Up in Non-Global Zones

Backing Up Application Data Only

General Database Backup Operations

Tape Backups

About Restoring Non-Global Zones

Commands Used on a System With Zones Installed

25.  Administering Oracle Solaris Zones (Tasks)

26.  Troubleshooting Miscellaneous Oracle Solaris Zones Problems

Part III Oracle Solaris 10 Zones

27.  Introduction to Oracle Solaris 10 Zones

28.  Assessing an Oracle Solaris 10 System and Creating an Archive

29.  (Optional) Migrating an Oracle Solaris 10 native Non-Global Zone Into an Oracle Solaris 10 Container

30.  Configuring the solaris10 Branded Zone

31.  Installing the solaris10 Branded Zone

32.  Booting a Zone and Zone Migration

33.  solaris10 Branded Zone Login and Post-Installation Configuration

Glossary

Index

Commands Used on a System With Zones Installed

The commands identified in Table 24-3 provide the primary administrative interface to the zones facility.

Table 24-3 Commands Used to Administer Zones

Command Reference
Description
zlogin(1)
Log in to a non-global zone
zonename(1)
Prints the name of the current zone
zoneadm(1M)
Administers zones on a system
zonecfg(1M)
Used to set up a zone configuration
getzoneid(3C)
Used to map between zone ID and name
zones(5)
Provides description of zones facility
zcons(7D)
Zone console device driver

The zoneadmd daemon is the primary process for managing the zone's virtual platform. The man page for the zoneadmd daemon is zoneadmd(1M). The daemon does not constitute a programming interface.

The commands in the next table are used with the resource capping daemon.

Table 24-4 Commands Used With rcapd

Command Reference
Description
rcapstat(1)
Monitors the resource utilization of capped projects.
rcapadm(1M)
Configures the resource capping daemon, displays the current status of the resource capping daemon if it has been configured, and enables or disables resource capping
rcapd(1M)
The resource capping daemon.

The commands identified in the following table have been modified for use on an Oracle Solaris system with zones installed. These commands have options that are specific to zones or present information differently. The commands are listed by man page section.

Table 24-5 Commands Modified for Use on an Oracle Solaris System With Zones Installed

Command Reference
Description
ipcrm(1)
Added -z zone option. This option is only useful when the command is executed in the global zone.
ipcs(1)
Added -z zone option. This option is only useful when the command is executed in the global zone.
pgrep(1)
Added -z zoneidlist option. This option is only useful when the command is executed in the global zone.
ppriv(1)
Added the expression zone for use with the -l option to list all privileges available in the current zone. Also use the option -v after zone to obtain verbose output.
priocntl(1)
Zone ID can be used in idlist and -i idtype to specify processes. You can use the priocntl -i zoneid command to move running processes into a different scheduling class in a non-global zone.
proc(1)
Added -z zone option to ptree only. This option is only useful when the command is executed in the global zone.
ps(1)
Added zonename and zoneid to list of recognized format names used with the -o option.

Added -z zonelist to list only processes in the specified zones. Zones can be specified either by zone name or by zone ID. This option is only useful when the command is executed in the global zone.

Added -Z to print the name of the zone associated with the process. The name is printed under an additional column header, ZONE.
renice(1)
Added zoneid to list of valid arguments used with the -i option.
sar(1)
If executed in a non-global zone in which the pools facility is enabled, the -b, -c -g, -m, -p, -u, -w, and -y options display values only for processors that are in the processor set of the pool to which the zone is bound.
auditconfig(1M)
Added zonename token.
auditreduce(1M)
Added -z zone-name option. Added ability to get an audit log of a zone.
coreadm(1M)
Added variable %z to identify the zone in which process executed.
df(1M)
Added -Z option to display mounts in all visible zones. This option has no effect in a non-global zone.
ifconfig(1M)
Added zone option for global zone use (the default), and -zone zonename for non-global zone use.
iostat(1M)
If executed in a non-global zone in which the pools facility is enabled, information is provided only for those processors that are in the processor set of the pool to which the zone is bound.
kstat(1M)
If executed in the global zone, kstats are displayed for all zones. If executed in a non-global zone, only kstats with a matching zoneid are displayed.
mpstat(1M)
If executed in a non-global zone in which the pools facility is enabled, command only displays lines for the processors that are in the processor set of the pool to which the zone is bound.
ndd(1M)
When used in the global zone, displays information for all zones. ndd on the TCP/IP modules in an exclusive-IP zone only displays information for that zone.
netstat(1M)
Displays information for the current zone only.
nfsstat(1M)
Displays statistics for the current zone only.
poolbind(1M)
Added zoneid list. Also see Resource Pools Used in Zones for information about using zones with resource pools.
prstat(1M)
Added -z zoneidlist option. Also added -Z option.

If executed in a non-global zone in which the pools facility is enabled, the percentage of recent CPU time used by the process is displayed only for the processors in the processor set of the pool to which the zone is bound.

Output of the -a, -t, -T, -J, and -Z options displays a SWAP instead of a SIZE column. The swap reported is the total swap consumed by the zone's processes and tmpfs mounts. This value assists in monitoring the swap reserved by each zone, which can be used to choose a reasonable zone.max-swap setting.
psrinfo(1M)
If executed in a non-global zone, only information about the processors visible to the zone is displayed.
traceroute(1M)
Usage change. When specified from within a non-global zone, the -F option has no effect because the “don't fragment” bit is always set.
vmstat(1M)
When executed in a non-global zone in which the pools facility is enabled, statistics are reported only for the processors in the processor set of the pool to which the zone is bound. Applies to output from the -p option and the page, faults, and cpu report fields.
auditon(2)
Added AUDIT_ZONENAME to generate a zone ID token with each audit record.
priocntl(2)
Added P_ZONEID id argument.
processor_info(2)
If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned.
p_online(2)
If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned.
pset_bind(2)
Added P_ZONEID as idtype. Added zone to possible choices for P_MYID specification. Added P_ZONEID to valid idtype list in EINVAL error description.
pset_info(2)
If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned.
pset_list(2)
If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned.
pset_setattr(2)
If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned.
sysinfo(2)
Changed PRIV_SYS_CONFIG to PRIV_SYS_ADMIN.
umount(2)
ENOENT is returned if file pointed to by file is not an absolute path.
getloadavg(3C)
If the caller is in a non-global zone and the pools facility is enabled, the behavior is equivalent to calling with a psetid of PS_MYID.
getpriority(3C)
Added zone IDs to target processes that can be specified. Added zone ID to EINVAL error description.
priv_str_to_set(3C)
Added “zone” string for the set of all privileges available within the caller's zone.
pset_getloadavg(3C)
If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned.
sysconf(3C)
If the caller is in a non-global zone and the pools facility enabled, sysconf(_SC_NPROCESSORS_CONF) and sysconf(_SC_NPROCESSORS_ONLN) return the number of total and online processors in the processor set of the pool to which the zone is bound.
ucred_get(3C)
Added ucred_getzoneid() function, which returns the zone ID of the process or -1 if the zone ID is not available.
core(4)
Added n_type: NT_ZONENAME. This entry contains a string that describes the name of the zone in which the process was running.
pkginfo(4)
Now provides optional parameters and an environment variable in support of zones.
proc(4)
Added capability to obtain information on processes running in zones.
audit_syslog(5)
Added in<zone name> field that is used if the zonename audit policy is set.
privileges(5)
Added PRIV_PROC_ZONE, which allows a process to trace or send signals to processes in other zones. See zones(5).
if_tcp(7P)
Added zone ioctl() calls.
cmn_err(9F)
Added zone parameter.
ddi_cred(9F)
Added crgetzoneid(), which returns the zone ID from the user credential pointed to by cr.
Copyright © 2004, 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next