JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones     Oracle Solaris 10 1/13 Information Library
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

Part I Resource Management

1.  Introduction to Solaris 10 Resource Management

2.  Projects and Tasks (Overview)

3.  Administering Projects and Tasks

4.  Extended Accounting (Overview)

5.  Administering Extended Accounting (Tasks)

6.  Resource Controls (Overview)

7.  Administering Resource Controls (Tasks)

8.  Fair Share Scheduler (Overview)

9.  Administering the Fair Share Scheduler (Tasks)

10.  Physical Memory Control Using the Resource Capping Daemon (Overview)

11.  Administering the Resource Capping Daemon (Tasks)

12.  Resource Pools (Overview)

13.  Creating and Administering Resource Pools (Tasks)

14.  Resource Management Configuration Example

15.  Resource Control Functionality in the Solaris Management Console

Part II Zones

16.  Introduction to Solaris Zones

17.  Non-Global Zone Configuration (Overview)

18.  Planning and Configuring Non-Global Zones (Tasks)

19.  About Installing, Halting, Cloning, and Uninstalling Non-Global Zones (Overview)

20.  Installing, Booting, Halting, Uninstalling, and Cloning Non-Global Zones (Tasks)

21.  Non-Global Zone Login (Overview)

22.  Logging In to Non-Global Zones (Tasks)

23.  Moving and Migrating Non-Global Zones (Tasks)

24.  Oracle Solaris 10 9/10: Migrating a Physical Oracle Solaris System Into a Zone (Tasks)

25.  About Packages and Patches on an Oracle Solaris System With Zones Installed (Overview)

26.  Adding and Removing Packages and Patches on an Oracle Solaris System With Zones Installed (Tasks)

27.  Oracle Solaris Zones Administration (Overview)

What's New in This Chapter?

Global Zone Visibility and Access

Process ID Visibility in Zones

System Observability in Zones

Non-Global Zone Node Name

File Systems and Non-Global Zones

The -o nosuid Option

Mounting File Systems in Zones

Unmounting File Systems in Zones

Security Restrictions and File System Behavior

Non-Global Zones as NFS Clients

Use of mknod Prohibited in a Zone

Traversing File Systems

Restriction on Accessing A Non-Global Zone From the Global Zone

Networking in Shared-IP Non-Global Zones

Shared-IP Zone Partitioning

Shared-IP Network Interfaces

IP Traffic Between Shared-IP Zones on the Same Machine

Oracle Solaris IP Filter in Shared-IP Zones

IP Network Multipathing in Shared-IP Zones

Oracle Solaris 10 8/07: Networking in Exclusive-IP Non-Global Zones

Exclusive-IP Zone Partitioning

Exclusive-IP Data-Link Interfaces

IP Traffic Between Exclusive-IP Zones on the Same Machine

Oracle Solaris IP Filter in Exclusive-IP Zones

IP Network Multipathing in Exclusive-IP Zones

Device Use in Non-Global Zones

/dev and the /devices Namespace

Exclusive-Use Devices

Device Driver Administration

Utilities That Do Not Work or Are Modified in Non-Global Zones

Utilities That Do Not Work in Non-Global Zones

SPARC: Utility Modified for Use in a Non-Global Zone

Running Applications in Non-Global Zones

Resource Controls Used in Non-Global Zones

Fair Share Scheduler on an Oracle Solaris System With Zones Installed

FSS Share Division in a Non-Global Zone

Share Balance Between Zones

Extended Accounting on an Oracle Solaris System With Zones Installed

Privileges in a Non-Global Zone

Using IP Security Architecture in Zones

IP Security Architecture in Shared-IP Zones

Oracle Solaris 10 8/07: IP Security Architecture in Exclusive-IP Zones

Using Oracle Solaris Auditing in Zones

Configuring Audit in the Global Zone

Configuring User Audit Characteristics in a Non-Global Zone

Providing Audit Records for a Specific Non-Global Zone

Core Files in Zones

Running DTrace in a Non-Global Zone

About Backing Up an Oracle Solaris System With Zones Installed

Backing Up Loopback File System Directories

Backing Up Your System From the Global Zone

Backing Up Individual Non-Global Zones on Your System

Determining What to Back Up in Non-Global Zones

Backing Up Application Data Only

General Database Backup Operations

Tape Backups

About Restoring Non-Global Zones

Commands Used on an Oracle Solaris System With Zones Installed

28.  Oracle Solaris Zones Administration (Tasks)

29.  Upgrading an Oracle Solaris 10 System That Has Installed Non-Global Zones

30.  Troubleshooting Miscellaneous Oracle Solaris Zones Problems

Part III lx Branded Zones

31.  About Branded Zones and the Linux Branded Zone

32.  Planning the lx Branded Zone Configuration (Overview)

33.  Configuring the lx Branded Zone (Tasks)

34.  About Installing, Booting, Halting, Cloning, and Uninstalling lx Branded Zones (Overview)

35.  Installing, Booting, Halting, Uninstalling and Cloning lx Branded Zones (Tasks)

36.  Logging In to lx Branded Zones (Tasks)

37.  Moving and Migrating lx Branded Zones (Tasks)

38.  Administering and Running Applications in lx Branded Zones (Tasks)

Glossary

Index

Commands Used on an Oracle Solaris System With Zones Installed

The commands identified in Table 27-3 provide the primary administrative interface to the zones facility.

Table 27-3 Commands Used to Administer Zones

Command Reference
Description
zlogin(1)
Log in to a non-global zone
zonename(1)
Prints the name of the current zone
zoneadm(1M)
Administers zones on a system
zonecfg(1M)
Used to set up a zone configuration
getzoneid(3C)
Used to map between zone ID and name
zones(5)
Provides description of zones facility
zcons(7D)
Zone console device driver

The zoneadmd daemon is the primary process for managing the zone's virtual platform. The man page for the zoneadmd daemon is zoneadmd(1M). The daemon does not constitute a programming interface.

The commands in the next table are used with the resource capping daemon.

Table 27-4 Commands Used With rcapd

Command Reference
Description
rcapstat(1)
Monitors the resource utilization of capped projects.
rcapadm(1M)
Configures the resource capping daemon, displays the current status of the resource capping daemon if it has been configured, and enables or disables resource capping. Also used to set a temporary memory cap.
rcapd(1M)
The resource capping daemon.

The commands identified in the following table have been modified for use on an Oracle Solaris system with zones installed. These commands have options that are specific to zones or present information differently. The commands are listed by man page section.

Table 27-5 Commands Modified for Use on an Oracle Solaris System With Zones Installed

Command Reference
Description
ipcrm(1)
Added -z zone option. This option is only useful when the command is executed in the global zone.
ipcs(1)
Added -z zone option. This option is only useful when the command is executed in the global zone.
pgrep(1)
Added -z zoneidlist option. This option is only useful when the command is executed in the global zone.
ppriv(1)
Added the expression zone for use with the -l option to list all privileges available in the current zone. Also use the option -v after zone to obtain verbose output.
priocntl(1)
Zone ID can be used in idlist and -i idtype to specify processes. You can use the priocntl -i zoneid command to move running processes into a different scheduling class in a non-global zone.
proc(1)
Added -z zone option to ptree only. This option is only useful when the command is executed in the global zone.
ps(1)
Added zonename and zoneid to list of recognized format names used with the -o option.

Added -z zonelist to list only processes in the specified zones. Zones can be specified either by zone name or by zone ID. This option is only useful when the command is executed in the global zone.

Added -Z to print the name of the zone associated with the process. The name is printed under an additional column header, ZONE.
renice(1)
Added zoneid to list of valid arguments used with the -i option.
sar(1)
If executed in a non-global zone in which the pools facility is enabled, the -b, -c -g, -m, -p, -u, -w, and -y options display values only for processors that are in the processor set of the pool to which the zone is bound.
auditconfig(1M)
Added zonename token.
auditreduce(1M)
Added -z zone-name option. Added ability to get an audit log of a zone.
coreadm(1M)
Added variable %z to identify the zone in which process executed.
df(1M)
Added -Z option to display mounts in all visible zones.
ifconfig(1M)
Added zone option for global zone use (the default), and -zone zonename for non-global zone use.
iostat(1M)
If executed in a non-global zone in which the pools facility is enabled, information is provided only for those processors that are in the processor set of the pool to which the zone is bound.
kstat(1M)
If executed in the global zone, kstats are displayed for all zones. If executed in a non-global zone, only kstats with a matching zoneid are displayed.
mpstat(1M)
If executed in a non-global zone in which the pools facility is enabled, command only displays lines for the processors that are in the processor set of the pool to which the zone is bound.
ndd(1M)
When used in the global zone, displays information for all zones. ndd on the TCP/IP modules in an exclusive-IP zone only displays information for that zone.
netstat(1M)
Displays information for the current zone only.
nfsstat(1M)
Displays statistics for the current zone only.
poolbind(1M)
Added zoneid list. Also see Resource Pools Used in Zones for information about using zones with resource pools.
prstat(1M)
Added -z zoneidlist option. Also added -Z option.

If executed in a non-global zone in which the pools facility is enabled, the percentage of recent CPU time used by the process is displayed only for the processors in the processor set of the pool to which the zone is bound.

Output of the -a, -t, -T, -J, and -Z options displays a SWAP instead of a SIZE column. The swap reported is the total swap consumed by the zone's processes and tmpfs mounts. This value assists in monitoring the swap reserved by each zone, which can be used to choose a reasonable zone.max-swap setting.
psrinfo(1M)
If executed in a non-global zone, only information about the processors visible to the zone is displayed.
traceroute(1M)
Usage change. When specified from within a non-global zone, the -F option has no effect because the “don't fragment” bit is always set.
vmstat(1M)
When executed in a non-global zone in which the pools facility is enabled, statistics are reported only for the processors in the processor set of the pool to which the zone is bound. Applies to output from the -p option and the page, faults, and cpu report fields.
auditon(2)
Added AUDIT_ZONENAME to generate a zone ID token with each audit record.
priocntl(2)
Added P_ZONEID id argument.
processor_info(2)
If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned.
p_online(2)
If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned.
pset_bind(2)
Added P_ZONEID as idtype. Added zone to possible choices for P_MYID specification. Added P_ZONEID to valid idtype list in EINVAL error description.
pset_info(2)
If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned.
pset_list(2)
If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned.
pset_setattr(2)
If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned.
sysinfo(2)
Changed PRIV_SYS_CONFIG to PRIV_SYS_ADMIN.
umount(2)
ENOENT is returned if file pointed to by file is not an absolute path.
getloadavg(3C)
If the caller is in a non-global zone and the pools facility is enabled, the behavior is equivalent to calling with a psetid of PS_MYID.
getpriority(3C)
Added zone IDs to target processes that can be specified. Added zone ID to EINVAL error description.
priv_str_to_set(3C)
Added “zone” string for the set of all privileges available within the caller's zone.
pset_getloadavg(3C)
If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned.
sysconf(3C)
If the caller is in a non-global zone and the pools facility enabled, sysconf(_SC_NPROCESSORS_CONF) and sysconf(_SC_NPROCESSORS_ONLN) return the number of processors in the processor set of the pool to which the zone is bound.
ucred_get(3C)
Added ucred_getzoneid() function, which returns the zone ID of the process or -1 if the zone ID is not available.
core(4)
Added n_type: NT_ZONENAME. This entry contains a string that describes the name of the zone in which the process was running.
pkginfo(4)
Now provides optional parameters and an environment variable in support of zones.
proc(4)
Added capability to obtain information on processes running in zones.
audit_syslog(5)
Added in<zone name> field that is used if the zonename audit policy is set.
privileges(5)
Added PRIV_PROC_ZONE, which allows a process to trace or send signals to processes in other zones. See zones(5).
if_tcp(7P)
Added zone ioctl() calls.
cmn_err(9F)
Added zone parameter.
ddi_cred(9F)
Added crgetzoneid(), which returns the zone ID from the user credential pointed to by cr.
Copyright © 2004, 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next