About Oracle Solaris Kernel Zones

An Oracle Solaris Kernel Zone, also called a solaris-kz branded zone, uses the branded zones framework to run a zone with a separate kernel and operating system (OS) installation from the global zone. The separate kernel and OS installation provide for greater independence and enhanced security of operating system instances and applications.

The administrative and structural content of a kernel zone is entirely independent from that of the global zone. For example, a kernel zone does not share system packaging with the global zone, or kernel zone host. Package updates on the kernel zone host are not linked images and do not affect kernel zones. Similarly, packaging commands such as pkg update are fully functional from inside of a kernel zone. See Chapter 3, Installing, Removing, and Updating Software Packages, in Packaging and Delivering Software With the Image Packaging System in Oracle Solaris 11.2 for additional information on packaging commands.

System processes are handled in the kernel zone's separate process ID table and are not shared with the global zone. Resource management in kernel zones is also different. Resource controls such as max-processes are not available when configuring a kernel zone.

Use the existing zlogin, zonecfg, and zoneadm commands to manage and to administer kernel zones on the global zone.

For more information about the branded zones framework, see the brands(5) man page.

See Chapter 1, Oracle Solaris Zones Introduction, in Introduction to Oracle Solaris Zones for additional overview in regard to kernel zones concepts.