Administering an Immutable Zone by Making It Writable

The zoneadm boot subcommand provides two options that enable the global zone administrator to manually boot an immutable zone with either a writable root file system or with a transient writable root file system. The zone is in writable mode only until the next reboot.

‐w

Manually boot the zone with a writable root file system.

‐W

Manually boot the zone with a transient writable root file system. The system is rebooted automatically when the self-assembly-complete milestone is reached. The reboot places the zone under control of the MWAC policy again. This option is permitted when the zone has an MWAC policy of none.

Both the ‐W and ‐w options are ignored for zones that are not immutable zones.

The zlogin command provides two options for actions such as editing an immutable file or adding a new package. Use of these options require the solaris.zone.manage/ zonename authorization.

‐T

Enters an immutable zone with the trusted path attribute PRIV_PROC_TPD set. This session can modify files in the zone that are normally immutable. The session cannot read unprotected files.

‐U

Performs the same process as the ‐T option, but in unsafe mode. In unsafe mode, unprotected files can be modified. You use this option for zones with the flexible-configuration MWAC security policy.

Note:

These options cannot be used with console login and are ignored for zones that are not immutable zones.