Oracle Solaris provides similar security measures to global and non-global zones.
IPsec and IKE protect the network, rights and auditing prevent unauthorized use of resources, and immutable zones prevent zone modification.
For information about rights profiles for zones, see Using Rights Profiles to Install and Manage Zones.
For information about privileges in zones, see Privileges in a Non-Global Zone.
For information about preventing zone modification, see Configuring and Administering Immutable Zones.
For information about auditing zones, refer to:
For information about IPsec and IKE, and Packet Filter, see Exclusive-IP Zones Traffic, Traffic Security, and IPMP Configuration and Shared-IP Zones Traffic, Traffic Security, and IPMP Configuration.
Zone processes are restricted to a subset of privileges to prevent a zone from affecting other zones, including the global zone. To display the privileges available in a zone, type the following from the appropriate zone:
global$ ppriv -l zonename
zonename> ppriv -l
Not all privileges that are installed by default are necessary. However, zones must keep the following privileges:
You can add privileges to a zone's default privileges. For example, see Example 35, Adding DTrace Privileges to a Non-Global Zone. However, the following privileges are reserved for the global zone and cannot be added to a zone:
For further information about privileges, review the following:
privileges(7) man page