After a non-global zone is installed, the zone must never be accessed directly from the global zone by any commands other than system backup utilities. Moreover, a non-global zone can no longer be considered secure after it has been exposed to an unknown environment. An example would be a zone placed on a publicly accessible network, where it would be possible for the zone to be compromised and the contents of its file systems altered. If there is any possibility that compromise has occurred, the global administrator should treat the zone as untrusted.
Any command that accepts an alternative root by using the –R or –b options (or the equivalent) must not be used when the following are true:
The command is run in the global zone.
The alternative root refers to any path within a non-global zone, whether the path is relative to the current running system's global zone or the global zone in an alternative root.
An example is the –R root_path option to the pkgadd utility run from the global zone with a non-global zone root path.
The list of commands, programs, and utilities that use –R with an alternative root path include the following:
auditreduce
bart
installf
localeadm
makeuuid
metaroot
pkg
prodreg
removef
routeadm
showrev
syseventadm
The list of commands and programs that use –b with an alternative root path include the following:
add_drv
pprosetup
rem_drv
roleadd
update_drv
useradd