Trusted Extensions Configuration and Administration

Updated: March 2019
 
 

Managing Zones

The following task map describes zone management tasks that are specific to Trusted Extensions. The map also links to common procedures that are performed in Trusted Extensions just as they are performed on an Oracle Solaris system.

Table 17 Managing Zones Task Map

| Task | Description | For Instructions |
| --- | --- | --- |
| View all zones. | At any label, views the zones that are dominated by the current zone. | |
| View mounted directories. | At any label, views the directories that are dominated by the current label. | |
| Enable regular users to view an /etc file. | Loopback mounts a directory or file from the global zone that is not visible by default in a labeled zone. | |
| Prevent regular users from viewing a lower-level home directory from a higher label. | By default, lower-level directories are visible from higher-level zones. When you disable the mounting of one lower-level zone, you disable all mounts of lower-level zones. | |
| Create a multilevel dataset for the changing of the labels on files. | Enables the relabeling of files in one ZFS dataset, no privilege required. | |
| Configure a zone to enable the changing of the labels on files. | By default, labeled zones do not have the privilege that enables an authorized user to relabel a file. You modify the zone configuration to add the privilege. | |
| Attach a ZFS dataset to a labeled zone and share it. | Mounts a ZFS dataset with read/write permissions in a labeled zone and shares the dataset read-only with a higher zone. | |
| Configure a new primary zone. | Creates a zone at a label that is not currently being used to label a zone on this system. | |
| Configure a secondary zone. | Creates a zone for isolating services. | |
| Create a multilevel port for an application. | Multilevel ports are useful for programs that require a multilevel feed into a labeled zone. | |
| Troubleshoot NFS mount and access problems. | Debugs general access issues for mounts and possibly for zones. | |
| Remove a labeled zone. | Completely removes a labeled zone from the system. | |