Tamper-proofing with immutability enables global zones and non-global zones to provide a resilient, high-integrity operating environment within which SuperCluster compute servers operate their own services. Building upon the inherent security capabilities of Oracle Solaris global and non-global zones, immutable zones ensure that some or all OS directories and files cannot be changed without administrator intervention. Enforcing this read-only posture helps to prevent unauthorized changes, promotes stronger change management procedures, and deters the injection of both kernel and user-based malware.
While you should always confirm that application software operates as expected in an immutable environment, be aware that Oracle Database instances and Oracle RAC clusters are verified to run correctly within Oracle Solaris immutable non-global zones.
# zonecfg -z global set file-mac-profile=fixed-configuration
zonecfg:global> commit
As the immutable global zone is configured, it is important to access the console login by using one of these break sequences:
Graphical console – F1-A
Serial console – <Break> or the alternate break sequence (CR~ Ctrl-b)
trusted path console login:
# reboot
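
The following check is an added example, not part of the Oracle procedure: it lists every configured zone and reports whether its configured file-mac-profile is one of the read-only profiles. The function names and the ZONECFG/ZONEADM override variables are hypothetical, and the script assumes that `zonecfg info` prints the property as `file-mac-profile: <value>`.

```sh
#!/bin/sh
# Added example: audit the configured file-mac-profile of every zone.
# ZONECFG and ZONEADM are hypothetical override hooks so the logic can be
# exercised with stubs on a machine that has no zones.
ZONECFG=${ZONECFG:-zonecfg}
ZONEADM=${ZONEADM:-zoneadm}

# Turn "file-mac-profile: <value>" (assumed output format) into a verdict.
# strict, fixed-configuration and flexible-configuration are read-only
# profiles; "none" or a missing value means the zone root is writable.
# Any other value is reported as UNKNOWN for manual review.
classify_profile() {
    value=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*file-mac-profile:[[:space:]]*//p' | head -n 1)
    case "$value" in
        strict|fixed-configuration|flexible-configuration)
            echo "IMMUTABLE $value" ;;
        none|"")
            echo "WRITABLE ${value:-unset}" ;;
        *)
            echo "UNKNOWN $value" ;;
    esac
}

# Print one "<zone> <verdict>" line per configured zone.
# Returns non-zero if any zone is not confirmed immutable.
audit_zones() {
    rc=0
    # Field 2 of the parsable "zoneadm list -cp" output is the zone name.
    for zone in $($ZONEADM list -cp | cut -d: -f2); do
        out=$($ZONECFG -z "$zone" info file-mac-profile 2>/dev/null || true)
        verdict=$(classify_profile "$out")
        echo "$zone $verdict"
        case "$verdict" in
            IMMUTABLE*) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_zones
fi
```

The script reads the configured value only; as the procedure above shows, a changed profile is applied by the reboot.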