Go to main content

Creating and Using Oracle® Solaris Zones

Exit Print View

Updated: August 2019

Setting Values of Zone Properties and Resources

    This section contains examples of how to set selected zone properties and resources. All the examples assume the following:

  • You have been granted the appropriate rights or role.

  • You are in a profile shell.

  • You apply the settings either through the zoneadm apply command or by rebooting the zone.

Note -  The examples here are not exhaustive. For a complete list of zone resources and properties, see the zonecfg(8) man page or Oracle Solaris Zones Configuration Resources.

The examples also show how to display the configurations that you set by using the zonecfg info syntax as described in Using the zonecfg Command.

Limiting the Zone's Resources

Limiting the resources that a zone can use helps you to manage resource usage between the non-global zone and the global zone, or among multiple zones on the host. You can better allocate resources among the different zones so that each zone has only what it needs to fulfill its purpose.

Assigning CPUs to the Zone

This example shows how to dedicate specific CPUs or assign a range of CPUs for the zone to use.

global$ zonecfg -z zoneA
zonecfg:zoneA> add dedicated-cpu
zonecfg:zoneA:dedicated-cpu> set ncpus=1-2
zonecfg:zoneA:dedicated-cpu> set importance=10
zonecfg:zoneA:dedicated-cpu> end
zonecfg:zoneA> info
      ncpus: 1-2
      importance: 10
zonecfg:zoneA> exit
global$ Reboot or run zoneadm apply command.
Example 4  Making Persistent Changes to a Running Zone

This example specifies zonecfg commands to set the cpu-shares resource, clear the pool resource settings, and add an anet resource for the running zone zone1, then applies the changes to the persistent zone configuration.

global$ pfbash zonecfg -z zone1 "set cpu-shares=4;clear pool;add anet;"
global$ zoneadm -z zone1 apply
    zone1: Checking: set property cpu-shares=4
    zone1: Checking: clear property pool
    zone1: Checking: add anet linkname=myanet0
    zone1: Applying changes

Setting Cap Limits for Memory

This example shows how to set limits for memory, swap memory, and locked memory.

global$ zonecfg -z zoneA
zonecfg:zoneA> add capped-memory
zonecfg:zoneA:capped-memory> set physical=1g
zonecfg:zoneA:capped-memory> set swap=2g
zonecfg:zoneA:capped-memory> set locked=500m
zonecfg:zoneA:capped-memory> end
zonecfg:zoneA> info
      physical: 1G
      [swap: 2G]
      [locked: 500M]
rctl 0:
      name: zone.max-swap
      value: (priv=privileged,limit=2147483648,action=deny)
rctl 1:
      name: zone.max-locked-memory
      value: (priv=privileged,limit=524288000,action=deny)
zonecfg:zoneA> exit
global$ Reboot or run zoneadm apply command.

Adding File Systems for Zone Use

You can add multiple file systems for zone use through the fs resource. This resource has multiple file system types. The following examples show how to use the LOFS and UFS file types. For examples of using ZFS, the default file system type, see Configuring the dataset Property on solaris Zones.

Example 5  Sharing a Directory With the Global Zone

This example specifically involves the type called loopback file system (lofs) which enables a zone to share a directory with the global zone. The lofs file system type is also used to grant zone access to media such as a DVD drive.

Suppose that you want to grant zone access to the /opt/mysoftware directory in the global zone. In the example's different commands, special identifies the global directory to be shared, dir specifies the mount point in the zone through which the global directory is accessed, and options specifies the zone permissions (read-only) in the shared directory. The read-only permission prevents users in the non-global zone from making changes to the global zone directory.

global$ zonecfg -z zoneA
zonecfg:zoneA> add fs
zonecfg:zoneA:fs> set type=lofs
zonecfg:zoneA:fs> set special=/opt/mysoftware
zonecfg:zoneA:fs> set dir=/usr/software
zonecfg:zoneA:fs> set options=ro
zonecfg:zoneA:fs> end
zonecfg:zoneA> info
fs 0:
      dir: /usr/software
      special: /opt/mysoftware
      raw not specified
      type: lofs
      options: [ro]
zonecfg:zoneA> exit
global$ Reboot or run zoneadm apply command.
Example 6  Assigning a UNIX File System to a Zone

The fs resource also supports UNIX file systems (UFS). Suppose that you have a UFS file system on the slice /dev/rdsk/c1t1d0s0. This example shows how to make that file system available to the zone.

In the example, special identifies the block device path of the UFS file system, raw is the raw device path where the fsck process is run, and dir is the mount point of the file system for the zone.

global$ zonecfg -z zoneA
zonecfg:zoneA> add fs
zonecfg:zoneA:fs> set type=ufs
zonecfg:zoneA:fs> set special=/dev/dsk/c1t1d0s0
zonecfg:zoneA:fs> set raw=/dev/rdsk/c1t1d0s0
zonecfg:zoneA:fs> set dir=/data
zonecfg:zoneA:fs> end
zonecfg:zoneA> exit
global$ zonecfg -z zoneA info
fs 0
      dir: /usr/software
      special: /opt/mysoftware
      raw not specified
      type: lofs
      options: [ro]

fs 1
      dir: /data
      special: /dev/dsk/c1t1d0s0
      raw: /dev/rdsk/c1t1d0s0
      type: ufs
      options: [ ]
global$Reboot or run zoneadm apply command.

Setting the hwprovider Property to Override the Global Zone Value (solaris10 Only)

The hwprovider property indicates the current hardware manufacturer string. To determine the value in a solaris10 branded zone, review the output of the prtconf command or the sysinfo(SI_HW_PROVIDER, ..) system call. You can also use the zonecfg -z solaris10brandedzonename info -a command.

    Use the zonecfg command to set or clear the string in the zone.

  • To set the string in the zone, use the following command:

    zonecfg> set hwprovider = "Sun_Microsystems"
  • To clear the string and use the global zone string:

    zonecfg> clear hwprovider

For more information, see hwprovider Global Property (solaris10 Only) in Oracle Solaris Zones Configuration Resources.

Setting Time Values in Non-Global Zones

You can set time values in non-global zones that are different from the value in the global zone by using the Network Time Protocol (NTP). Two features interact, the global-time property for the zone and the sys_time privilege on the time-setting process. While you can set different times in non-global zones, if the time is changed in the global zone, the non-global zones time are offset by the same amount.

NTP can be run from any zone, affecting only the zone in which the command is run. When running NTP across a system with non-global zones that have different times, run NTP in the global zone to synchronize all the non- global zone clocks that just run at an offset. The effect of NTP changing the time through clock modulation in the global zone will transfer to a non global-zone as well.

  • When NTP is run inside the zone with global-time set to false, the ntp_adjtime() and adjtime() system calls cannot be used to make corrections to the zone time. When global-time is set to false, NTP synchronizes the time by adjusting the clock to a given value.

  • When NTP is run inside the zone with global-time set to true, NTP can modulate the system clock through the ntp_adjtime() and adjtime() system calls. The true setting preserves keeping system time in tight synchronization with the zone.

For more information about the global-time property, see global-time Global Property (solaris and solaris10 Only) in Oracle Solaris Zones Configuration Resources. For information about setting the time, see the date(1) man page. For more information about privileges, see Privileges in a Non-Global Zone. For more information about adjtime() and ntp_adjtime(), see the adjtime(2) and ntp_adjtime(2) man pages.