Devices, file systems, and privileges in a branded zone are included in the configuration by default.
The devices supported by each zone are documented in the man pages and other documentation for that brand. The solaris10 zone does not allow the addition of any unsupported or unrecognized devices. The framework detects any attempt to add an unsupported device. An error message is issued that indicates the zone configuration cannot be verified.
To learn more about device considerations in non-global zones, see Device Use in Non-Global Zones in Creating and Using Oracle Solaris Zones.
Processes are restricted to a subset of privileges. Privilege restriction prevents a zone from performing operations that might affect other zones. The set of privileges limits the capabilities of privileged users within the zone.
Default, required default, optional, and prohibited privileges are defined by each brand. You can also add or remove certain privileges by using the limitpriv property as shown in Step 8 of How to Configure the Zone in Creating and Using Oracle Solaris Zones. See Privileges in a Non-Global Zone in Creating and Using Oracle Solaris Zones for a list of Solaris privileges and the status of each with respect to zones.
For more information about privileges, see the ppriv(1) man page and Securing Users and Processes in Oracle Solaris 11.3.