Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: March 2019
 
 

How to Create a Secondary Labeled Zone

Secondary labeled zones are useful for isolating services in different zones, yet allowing the services to run at the same label. For more information, see Primary and Secondary Labeled Zones.

Before You Begin

The primary zone must exist. The secondary zone must have an exclusive IP address and cannot require a desktop.

You must be in the root role in the global zone.

  1. Create a secondary zone.

    You can use the command line or the Labeled Zone GUI, txzonemgr.

    • Use the command line.
      # tncfg -z secondary-label-service primary=no
      # tncfg -z secondary-label-service label=public
    • Use txzonemgr.
      # txzonemgr &

      Navigate to Create a new zone, and follow the prompts.


      Note - The netmask must be entered in prefix form. For example, the prefix equivalent of the 255.255.254.0 netmask is /23.
  2. Verify that the zone is a secondary zone.
    # tncfg -z zone info primary
    primary=no
Example 9  Creating a Zone for Public Scripts

In this example, the administrator isolates a public zone that is designed to run scripts and batch jobs.

# tncfg -z public-scripts primary=no
# tncfg -z public-scripts label=public