Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management     Oracle Solaris 11 Information Library

Configuring Read-Only Zones

zonecfg file-mac-profile Property

By default, the zonecfg file-mac-profile property is not set in a non-global zone. A zone is configured to have a writable root dataset.

In a solaris read-only zone, the file-mac-profile property is used to configure a read-only zone root. A read-only root restricts access to the runtime environment from inside the zone.

Through the zonecfg utility, the file-mac-profile property can be set to one of the following values. All of the profiles except none cause the /var/pkg directory and its contents to be read-only from inside the zone.

none

Standard, read-write, non-global zone, with no additional protection beyond the existing zones boundaries. Setting the value to none is equivalent to not setting the file-mac-profile property.

strict

Read-only file system, no exceptions.

  • IPS packages cannot be installed.

  • Persistently enabled SMF services are fixed.

  • SMF manifests cannot be added from the default locations.

  • Logging and auditing configuration files are fixed. Data can only be logged remotely.

fixed-configuration

Permits updates to /var/* directories, with the exception of directories that contain system configuration components.

  • IPS packages, including new packages, cannot be installed.

  • Persistently enabled SMF services are fixed.

  • SMF manifests cannot be added from the default locations.

  • Logging and auditing configuration files can be local. syslog and audit configuration are fixed.

flexible-configuration

Permits modification of files in /etc/* directories, changes to root's home directory, and updates to /var/* directories. This configuration provides the closest functionality to the Oracle Solaris 10 native sparse root zone documented in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones. This is the Oracle Solaris 10 version of the guide.

  • IPS packages, including new packages, cannot be installed.

  • Persistently enabled SMF services are fixed.

  • SMF manifests cannot be added from the default locations.

  • Logging and auditing configuration files can be local. syslog and audit configuration can be changed.

zonecfg add dataset Resource Policy

Datasets added to a zone through the add dataset resource are not subject to Mandatory Write Access Control (MWAC) policy. Zones that are delegated additional datasets have full control over those datasets. The platform datasets are visible, but their data and their properties are read-only unless the zone is booted read/write.

zonecfg add fs Resource Policy

File systems added to a zone through the add fs resource are not subject to MWAC policy. A file system can be mounted read-only.
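
The three policies above can be checked together from a zone's exported configuration. The following is an added example, not Oracle code: it reads the text of `zonecfg -z <zone> export` on standard input and reports the file-mac-profile value, any add fs resource not mounted read-only, and any delegated dataset. The sample input is constructed, and the exact form of the exported options line (`ro` or `[ro,nodevices]`) is an assumption that the parser handles both ways.

```shell
# Added example, not Oracle code. Usage: zonecfg -z <zone> export | audit_zone_export
audit_zone_export() {
    awk '
    function flush_fs() {
        if (ro) print "OK    fs " dir " mounted read-only"
        else    print "WARN  fs " dir " is writable (add fs is outside MWAC policy)"
    }
    $1 == "set" && $2 ~ /^file-mac-profile=/ { profile = substr($2, 18) }
    $1 == "add" && $2 == "fs"      { in_fs = 1; ro = 0; dir = "?"; next }
    $1 == "add" && $2 == "dataset" { in_ds = 1; next }
    in_fs && $1 == "set" && $2 ~ /^dir=/ { dir = substr($2, 5) }
    in_fs && $1 == "add" && $2 == "options" {
        opts = ""; for (i = 3; i <= NF; i++) opts = opts $i
        gsub(/\[|\]/, "", opts)            # accept both "ro" and "[ro,nodevices]"
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1
    }
    in_ds && $1 == "set" && $2 ~ /^name=/ {
        print "WARN  dataset " substr($2, 6) " is delegated (outside MWAC policy)"
    }
    $1 == "end" { if (in_fs) flush_fs(); in_fs = 0; in_ds = 0 }
    END {
        if (profile == "" || profile == "none")
            print "WARN  file-mac-profile unset or none: zone root is writable"
        else if (profile ~ /^(strict|fixed-configuration|flexible-configuration)$/)
            print "OK    file-mac-profile=" profile
        else print "WARN  unknown file-mac-profile value: " profile
    }'
}

# Constructed sample in zonecfg export style (paths and dataset name are made up).
sample_export() {
cat <<'EOF'
set file-mac-profile=fixed-configuration
add fs
set dir=/data
set special=/export/data
end
add fs
set dir=/refdata
set special=/export/refdata
add options [ro,nodevices]
end
add dataset
set name=rpool/delegated/web1
end
EOF
}

sample_export | audit_zone_export
```

A WARN line is not necessarily a misconfiguration: delegated datasets and writable fs resources are often intentional, and the report only makes the writable surface of an otherwise read-only zone explicit.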