Go to main content

Creating and Using Oracle® Solaris Zones

Exit Print View

Updated: August 2019

Methods for Administering Non-Global Immutable Zones

Administrators must explicitly configure access to immutable zones for administrative operations. More secure methods require authorization and depend on the MWAC policy in effect and on your mode of access. Secure methods use the trusted path. A simple, insecure method is to briefly make the zone mutable, make your changes, then reboot the zone as immutable.

  • Use the Trusted Path Domain – You must have access to a console and configure the console and users to access the Trusted Path Domain (TPD).

    See Administering an Immutable Zone by Using the Trusted Path Domain.

    Note -  Except for the flexible-configuration policy, the other three MWAC policies enforce the safe mode, where you can access and modify immutable files only.
  • Make the entire zone temporarily writable – You must have access to a terminal window and be authorized to run the zoneadm or zlogin command.

    The zoneadm method is useful for small, fast fixes. You boot the immutable zone as temporarily writable, make your changes, and reboot.

    The zlogin method is useful for editing protected files and updating packages. During the zlogin session, the zone is writable. This method cannot be used with console login.

    See Administering an Immutable Zone by Making It Writable.