The following sections describe the global properties of a zone. Global properties apply to the zone configuration as a whole. For the complete list of global properties and their descriptions, see the zonecfg(8) man page.
For information about which global properties support Live Zone Reconfiguration in solaris and kernel zones, see Resource Types and Global Properties That Support Live Zone Reconfiguration.
Sets whether the zone is automatically booted when the global zone is booted. The zones service, svc:/system/zones:default, must also be enabled.
This property is set to false by default. If it is set to true, the zone is automatically booted when the global zone is booted.
global$ svcadm enable zones
Sets the action to take for this zone upon clean shutdown of the global zone. The property value can be shutdown (a clean zone shutdown; the default), halt, or suspend.
Sets a boot argument for the zone.
The boot argument is applied unless overridden by the reboot, zoneadm boot, or zoneadm reboot commands.
For the list of valid arguments, see the zoneadm(8) man page under "zoneadm boot".
Indicates the brand of the zone, one of labeled, solaris, solaris10, and solaris-kz. For more information, see the brands(7) man page.
Sets the booting order of zones on a system. Once the SMF dependencies are satisfied for a zone, the zone boots according to its configured boot-priority. Values for boot-priority are high, normal, and low. The default value is normal.
Enables or disables boot disk protection for a solaris-kz zone. Values are on and off. The default value is off. This feature requires that all boot disks be on storage LUNs that support SCSI-3 PGR reservation.
Specifies the migration class configured for a solaris-kz zone.
Only features enabled by the specified migration class are visible to an x86 kernel zone. To migrate an x86 kernel zone, ensure that the feature set visible to the kernel zone matches on both the source and target hosts by configuring the migration class cpu-arch global property. The source and the target hosts must be the same platform. On x86 hosts, the CPU model names must match.
If no value is set, the default value of cpu-arch is solaris. The zone boots with the same CPU class as the host. You can migrate the zone between CPU types that are of exactly the same type or are the same micro architecture.
The host does not resume a zone previously suspended on an incompatible platform. The host also does not boot a zone if the migration class is set to an incompatible value for the host platform. The CPU class of the zone cannot exceed the limits of the CPU class of the host.
No migration classes apply to AMD CPUs only.
The migration classes are as follows:
Kernel zone can perform a CPU-type independent migration, but not to a system older than the SPARC T4.
Use the generic class to migrate kernel zones between Oracle SPARC systems and Fujitsu systems.
Kernel zone can perform cross-CPU type migration between CPUs of Nehalem or later micro architectures.
This class supports the following features:
Kernel zone can perform cross-CPU type migration between CPUs of Westmere or later micro architectures.
Features supported by this class are all features supported by migration-class1 plus aes, lg-page, and pclmulqdq.
Kernel zone can perform cross-CPU type migration between CPUs of Sandy Bridge or later micro architectures.
Features supported by this class are all features supported by migration-class2 plus avx and xsave.
Kernel zone can perform cross-CPU type migration between CPUs of Ivy Bridge or later micro architectures.
Features supported by this class are all features supported by migration-class3 plus efs, f16c, and rdrand.
Kernel zone can perform cross-CPU type migration between CPUs of Haswell or later micro architectures.
Features supported by this class are all features supported by migration-class4 plus avx2, bmi1, bmi2, fma, lzcnt, and movbe,.
Kernel zone can perform cross-CPU type migration between CPUs of Haswell or later micro architectures.
Features supported by this class are all features supported by migration-class5 plus adx, prfchw, and. rdseed
Kernel zone can perform cross-CPU type migration between Fujitsu M10 and Fujitsu SPARC M12.
If no value is set, the kernel zone can migrate between CPUs of the same micro architecture or of the exact same type, if the micro architecture cannot be recognized.
Sets a limit on the number of fair share scheduler (FSS) CPU shares for a zone. For more information, see Scheduling Class and Using the Fair Share Scheduler on a System With Zones Installed in Creating and Using Oracle Solaris Zones.
Specifies an optional description of the zone. The description property value is a string of up to 255 US-ASCII characters.
Use this property when you want to provide a more detailed description of the zone and what it does.
Configures Immutable Zones. The possible values in order of which public files can be modified are:
For more information, see Chapter 10, Configuring and Administering Immutable Zones in Creating and Using Oracle Solaris Zones.
Enables the zone administrator the ability to mount any file system of that type, either created by the zone administrator or imported by using NFS, and administer that file system. File system mounting permissions within a running zone are also restricted by the fs-allowed global property. By default, only mounts of hsfs file systems and network file systems, such as NFS, are allowed within a zone.
The property can be used with a block device delegated into the zone as well.
The fs-allowed global property accepts a comma-separated list of additional file systems that can be mounted from within the zone, for example, ufs,pcfs:
zonecfg:my-zone> set fs-allowed=ufs,pcfs
This property does not affect zone mounts administrated by the global zone through the add fs or add dataset commands.
For security considerations, see File Systems and Non-Global Zones in Creating and Using Oracle Solaris Zones and Device Use in Non-Global Zones in Creating and Using Oracle Solaris Zones.
Enables either the system-wide or zone-specific time to be set from within the non-global zone:
global-time=true indicates that the zone is allowed to set system-wide time.
global-time=false indicates the zone is allowed to set zone-specific time.
You should assign a value for the global-time global property. However, if the value is not set but the sys_time privilege is explicitly assigned using the limitpriv property, the value of global-time is treated as true. If the sys_time privilege is not explicitly assigned by using the limitpriv property, global-time is treated as false.
Depending on the global-time global property setting in Oracle Solaris, a process within a non-global zone can manipulate either the virtual zone-specific time or the system-wide time by using the following system calls. The process must have the sys_time privilege.
stime
clock_settime
An IA-specific real-time clock (RTC) call to write time of day clock
See Privileges in a Non-Global Zone in Creating and Using Oracle Solaris Zones for more information about privileges.
Sets a hostid global property for the non-global zone that is different from the hostid of the global zone. This would be done, for example, in the case of a global zone that is migrated into a zone on another system. Applications now inside the zone might depend on the original hostid.
Specifies the host compatibility level configured for a solaris-kz brand zone.
A compatibility level is used to enable features on a target host during live or warm migration.
Only features enabled by both migration class and host compatibility level are visible to the kernel zone.
Features included in a compatibility level can be extended by specifying compatibility level modifiers. A modifier can only be used with designated compatibility level as listed after each modifier. The modifiers work on the SPARC platform only.
The possible host compatibility levels are as follows:
Make available all the features in the current version of Oracle Solaris.
If all of your systems are running the Oracle Solaris 11.4 release, set the host-compatible property to level1, which allows enabling of all features available in the release. The level1 level includes Silicon Secured Memory (SSM) or ADI, SPARC M7 and later SPARC series systems DAX Data Analytics Accelerator (DAX) coprocessors, and VA Mask features.
On DAX-capable hardware, DAX is always turned on in the global zone.
For information about using DAX to configure the Oracle Database 12c in-memory feature, see Using the In-Memory Column Store.
The SPARC modifier is as follows:
Enable the Silicon Secured Memory (SSM) feature, also known as ADI. By default, SSM is turned off for a kernel zone. On SSM-capable hardware, SSM is always turned on in the global zone. The host-compatible global property cannot be used to enable SSM if the SSM feature is not supported by the migration class.
The adi modifier can only be used with the default compatibility level.
For more information about Oracle Solaris and ADI or silicon secured memory, refer to the adi(2), memcntl(2), mmap(2), adi(3C), and siginfo(3HEAD) man pages. For more information about SSM functionality, visit Introduction to SPARC M7 and Silicon Secured Memory (SSM).
If no value is set, the default kernel zone's host compatibility level will only include features supported in the source host.
Configures the hardware manufacturer string for a solaris10 branded zone. The default configuration in a zone is no value. You might need to set the value to Sun_Microsystems when you are moving this zone to an Oracle Solaris 11.4 system.
For instructions, see Setting the hwprovider Property to Override the Global Zone Value (solaris10 Only) in Creating and Using Oracle Solaris Zones.
When this property is untouched or cleared, the hardware manufacturer string of the global zone is used for the solaris10 branded zone. See the sysinfo(2) man page.
Required for all non-global zones. Values are one of exclusive and shared. See Exclusive-IP Non-Global Zones, Shared-IP Non-Global Zones, and How to Create and Deploy a Non-Global Zone in Creating and Using Oracle Solaris Zones.
Specifies a privilege mask other than the default. See Privileges in a Non-Global Zone in Creating and Using Oracle Solaris Zones.
Privileges are added by specifying the privilege name, with or without the leading priv_. Privileges are excluded by preceding the name with a dash (-) or an exclamation mark (!). The privilege values are separated by commas and placed within quotation marks (“).
As described in priv_str_to_set(3C), the special privilege sets of none, all, and basic expand to their normal definitions. Because zone configuration takes place from the global zone, the special privilege set zone cannot be used. Because a common use is to alter the default privilege set by adding or removing certain privileges, the special set default maps to the default set of privileges. When default appears at the beginning of the limitpriv property, it expands to the default set.
The following example entry adds the ability to use DTrace programs that only require the dtrace_proc and dtrace_user privileges in the zone:
global$ pfexec zonecfg -z my-zone zonecfg:my-zone> set limitpriv="default,dtrace_proc,dtrace_user"
The following example entry allows you to examine and modify the resource controls associated with an active process, task, or project on the system by using the priocntl command:
global$ pfexec zonecfg -z my-zone zonecfg:my-zone> set limitpriv="default,proc_priocntl"
If the zone's privilege set contains a disallowed privilege, is missing a required privilege, or includes an unknown privilege, an attempt to verify, ready, or boot the zone will fail with an error message.
Sets the maximum number of process table slots that are simultaneously available to a zone.
Sets the maximum number of the loopback interfaces for a zone.
Sets the maximum number of the LWPs that are simultaneously available to a zone.
Sets the maximum number of process table slots that are simultaneously available to a zone.
Sets the maximum number of the System-V-resource. The following is the complete list of max-System-V-resource global properties:
For descriptions and information about the effects of setting a maximum System V property value on another property, see Setting Zone-Wide Resource Controls and the zonecfg(8) man page.
Associates the zone with a resource pool on the system. Multiple zones can share the resources of one pool.
If you have configured resource pools on your system as described in Chapter 13, Creating and Administering Resource Pools Tasks in Administering Resource Management in Oracle Solaris 11.4, you can use the pool global property to associate the zone with one of the resource pools when you configure the zone.
The pool global property can be used to configure multiple zones that share the same pool.
You can specify that a subset of the system's processors be dedicated to a non-global zone while it is running by using the dedicated-cpu resource type. You can use dedicated-cpu properties to assign CPUs, cores, and sockets to a zone. The system dynamically creates a temporary pool for use while the zone is running. With specification through zonecfg, pool settings propagate during migrations. If you are configuring Oracle Solaris Kernel Zones, also see the virtual-cpu resource type.
Sets the scheduling class for the zone. See Scheduling Class for more information and additional ways to set the scheduling class.
Manages the namespace for EVS tenants. EVS resources that are defined within a tenant global property are not visible outside that tenant's namespace. For more information and an example, see About Elastic Virtual Switch and Zones.
Required for all zones. Sets the name of the zone. The following rules apply to zone names:
Each zone must have a unique name.
A zone name is case-sensitive.
A zone name must begin with an alphanumeric character.
The name can contain alphanumeric characters, underbars (_), hyphens (-), and periods (.).
The name cannot be longer than 63 characters.
The name global is reserved for the global zone.
Names beginning with SYS are reserved and cannot be used.
In solaris zones created with the zonecfg template property, the default value of zonepath is /system/zones/%{zonename}.
Kernel zones do not support the zonepath global property. The zone root is contained within a ZFS volume. The device onto which the zone is installed is specified with the device resource type with the bootpri property set to any positive integer value.