This procedure enables separate zone administrators to control the audit service in their zone. For the complete list of policy options, see the auditconfig (1M) man page.
Before You Begin
To configure auditing, you must become an administrator who is assigned the Audit Configuration rights profile. To enable the audit service, you must become an administrator who is assigned the Audit Control rights profile . For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .
Specifically, do not add the perzone or ahlt policy to the non-global zone.
myzone# audit -s
This example works if the perzone audit policy is set. The zone administrator of the noaudit zone disables auditing for that zone.
noauditzone # auditconfig -getcond audit condition = auditing noauditzone # audit -t noauditzone # auditconfig -getcond audit condition = noaudit