To configure an Oracle Solaris non-global zone to be immutable, perform this task.
Caution - Adding, modifying, or deleting zone user accounts and passwords cannot be done once Oracle Solaris non-global zone immutability is enabled, as described in this task. This issue can be resolved, however, by deploying an LDAP directory to contain zone-specific information such as users, roles, groups, rights profiles, and so on.
Caution - The Oracle Solaris immutable zone functionality is limited to those ZFS data sets that are implemented by default in an Oracle Solaris non-global zone. Additional file systems, pools, or data sets are not subject to the immutable zone policy, although access to those file elements can be controlled using other means such as the use of read-only loopback mounts.
If the following command returns a value, then the Oracle Solaris non-global zone is running and you must shut it down.
# zoneadm list | grep -w "zone_name"
# zonecfg -z zone_name set file-mac-profile=fixed-configuration
# zonecfg -z zone_name set file-mac-profile=none
# zoneadm -z zone_name boot
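The commands above combined into one guarded script, added here as an example and not taken from Oracle's documentation: it refuses to change `file-mac-profile` while the zone is running, reads the property back, and only then boots the zone. The function names, return codes, and the assumed read-back format `file-mac-profile: <value>` are this example's own.

```shell
#!/bin/sh
# Added example: guarded wrapper around the zoneadm/zonecfg commands on this page.
# Function names and return codes are this example's own. Run as root in the global zone.

# Succeeds if ZONE is listed by `zoneadm list` (running zones only).
# Compares whole names, so zone "web" is not mistaken for a running "web-db",
# which a `grep -w` match would report.
zone_is_running() {
    for name in $(zoneadm list); do
        [ "$name" = "$1" ] && return 0
    done
    return 1
}

# set_file_mac_profile ZONE PROFILE
# Returns 0 ok, 2 bad profile, 3 zone running, 4 zonecfg failed, 5 read-back mismatch.
set_file_mac_profile() {
    zone=$1
    profile=$2
    case $profile in
        fixed-configuration|none) ;;   # only the two values this page uses
        *) echo "unsupported profile: $profile" >&2; return 2 ;;
    esac
    if zone_is_running "$zone"; then
        echo "$zone is running; shut it down before changing file-mac-profile" >&2
        return 3
    fi
    zonecfg -z "$zone" set file-mac-profile="$profile" || return 4
    if [ "$profile" != none ]; then
        # Assumption: the property reads back as "file-mac-profile: <value>".
        current=$(zonecfg -z "$zone" info file-mac-profile) || return 4
        case $current in
            *"file-mac-profile: $profile"*) ;;
            *) echo "read-back mismatch: $current" >&2; return 5 ;;
        esac
    fi
    zoneadm -z "$zone" boot
}

# Usage: sh script.sh ZONE fixed-configuration|none
if [ "$#" -eq 2 ]; then
    set_file_mac_profile "$1" "$2"
fi
```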