Administering an Immutable Zone by Making It Writable
The zoneadm boot subcommand provides two options that enable the global zone administrator to manually boot an immutable zone with either a writable root file system or with a transient writable root file system. The zone is in writable mode only until the next reboot.
- -w: Manually boot the zone with a writable root file system.
- -W: Manually boot the zone with a transient writable root file system. The system is rebooted automatically when the self-assembly-complete milestone is reached. The reboot places the zone under control of the MWAC policy again. This option is permitted when the zone has an MWAC policy of none.

Both the -W and -w options are ignored for zones that are not immutable zones.
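Because a zone booted with the writable option stays writable until its next reboot, a maintenance wrapper should guarantee that reboot even when the change itself fails. The following is an added example, not Oracle's code; the function name, variable names, zone name and package name are hypothetical, and it assumes the zone is immutable and currently shut down.

```shell
#!/bin/sh
# Added example, not Oracle's code. Run it from the global zone.
# Assumptions: ZONE is an immutable zone that is currently shut down, and
# COMMAND can run as soon as zlogin can enter the zone. The function and
# variable names are hypothetical.

# writable_maintenance ZONE COMMAND [ARG...]
# Boots ZONE with a writable root file system (zoneadm boot -w), runs COMMAND
# inside it, then always reboots so the zone is immutable again.
# Returns COMMAND's exit status, 1 if the writable boot failed, 2 on a usage
# error, 3 if the final reboot failed.
writable_maintenance() {
    if [ "$#" -lt 2 ]; then
        echo "usage: writable_maintenance ZONE COMMAND [ARG...]" >&2
        return 2
    fi
    wm_zone=$1
    shift

    if ! zoneadm -z "$wm_zone" boot -w; then
        echo "writable boot of $wm_zone failed; nothing was changed" >&2
        return 1
    fi

    # The root file system stays writable until the next reboot, so the
    # reboot below must run whether COMMAND succeeds or fails.
    wm_rc=0
    zlogin "$wm_zone" "$@" || wm_rc=$?

    if ! zoneadm -z "$wm_zone" reboot; then
        echo "WARNING: reboot of $wm_zone failed; it may still be writable" >&2
        return 3
    fi
    return "$wm_rc"
}

# Example call (constructed zone and package names):
#   writable_maintenance myzone pkg install example-package
```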
The zlogin command provides two options for actions such as editing an immutable file or adding a new package. Use of these options requires the solaris.zone.manage/zonename authorization.
- -T: Enters an immutable zone with the trusted path attribute PRIV_PROC_TPD set. This session can modify files in the zone that are normally immutable. The session cannot read unprotected files.
- -U: Performs the same process as the -T option, but in unsafe mode. In unsafe mode, unprotected files can be modified. You use this option for zones with the flexible-configuration MWAC security policy.

Note: These options cannot be used with console login and are ignored for zones that are not immutable zones.