Go to main content

Creating and Using Oracle® Solaris Zones

Exit Print View

Updated: August 2019
 
 

Immutable Global Zones

Immutable global zones extend immutable non-global zones to global zones.

Configuring an Immutable Global Zone

To configure an immutable global zone is similar to configuring an immutable non-global zone. The MWAC security policy is set with the zonecfg command, as Setting the MWAC Security Policy describes. After committing the zone configuration, the boot information is written and the boot archive is updated. The global zone becomes immutable immediately. No reboot is necessary.

    The following information is specific to immutable global zones:

  • If the global zone uses DHCP to set network interfaces, the flexible-configuration MWAC policy must be selected.

  • The rpool dataset is restricted.

    You can add an unrestricted sub-dataset by using the zonecfg add dataset command. An immutable global zone can only run zones in unrestricted datasets. All the children of an unrestricted dataset are also unrestricted.

Maintaining an Immutable Global Zone

The most secure method of maintaining the global zone is by using the trusted path. Trusted path is only available on the console, so ensure that the console is accessible through the ILOM, a serial connection or through the graphical console.

After a system is configured to be immutable, configure the console login with the trusted path. For the procedure, see How to Enable Administrative Access to an Immutable Zone From the Console. After you have configured the console login, the root account cannot log in and administer the zone. You must log in as a user who is authorized to use the trusted path. After logging in, you can then assume a role.

When you run the pkg update command in an immutable global zone, the first boot is read-write. The system needs these permissions to perform the required self-assembly steps. When the self-assembly steps have been performed, the system becomes immutable again.