Immutable Zones are Solaris zones with read-only roots. Both global and non-global zones can be Immutable Zones. A read-only zone is configured by setting the file-mac-profile property, which offers several configurations. A read-only zone root expands the secure runtime boundary.
Oracle Solaris Immutable Global Zones extend the Immutable Zones feature to the global zone. For Immutable Zones and Immutable Kernel Zones, the Trusted Path login can be invoked through the zlogin command (see zlogin(1)).
Zones that are given additional datasets using zonecfg add dataset still have full control over those datasets. Zones that are given additional file systems using zonecfg add fs have full control over those file systems, unless the file systems are set read-only.
See Chapter 11, "Configuring and Administering Immutable Zones," in Creating and Using Oracle Solaris Zones for more information.
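A configuration check for the points above, added here as an example and not taken from Oracle's documentation or tooling: it reads zonecfg export text and reports the file-mac-profile setting along with every add dataset and add fs resource that stays writable despite the read-only root. The function names, the AWK override variable and the sample export text are constructed for illustration.

```shell
# Input: the text printed by "zonecfg -z <zone> export".
# AWK is a hypothetical override for systems whose default awk lacks sub().
audit_zone_export() {
    "${AWK:-awk}" '
        function val(v) { v = $0; sub(/^[^=]*=/, "", v); return v }
        { sub(/^[ \t]+/, "") }
        /^set file-mac-profile=/ { profile = val() }
        /^add dataset/ { res = "dataset"; name = "" }
        /^add fs/      { res = "fs"; name = ""; ro = 0 }
        res == "dataset" && /^set name=/ { name = val() }
        res == "fs" && /^set dir=/       { name = val() }
        # Options are exported as "add options ro" or "add options [ro,nodevices]".
        res == "fs" && /^add options/ {
            opts = substr($0, 12); gsub(/[ \t]/, "", opts)
            gsub(/\[/, "", opts); gsub(/\]/, "", opts)
            n = split(opts, o, ","); for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1
        }
        /^end/ {
            if (res == "dataset") print "WRITABLE dataset " name
            if (res == "fs") { s = ro ? "READONLY" : "WRITABLE"; print s " fs " name }
            res = ""
        }
        END {
            if (profile == "" || profile == "none") print "ROOT writable"
            else print "ROOT read-only (" profile ")"
        }
    '
}
# Constructed sample export (trimmed), not taken from a real system.
sample_export() {
    cat <<'EOF'
set file-mac-profile=fixed-configuration
add fs
set dir=/data
set special=/export/data
set type=lofs
add options [ro,nodevices]
end
add fs
set dir=/scratch
set special=/export/scratch
set type=lofs
end
add dataset
set name=rpool/appdata
end
EOF
}
sample_export | audit_zone_export
```

On a live system, pipe zonecfg -z web1 export into audit_zone_export (web1 is a placeholder zone name), and set AWK=nawk where the default awk is the legacy implementation.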