1. Creating and Using Oracle Solaris Zones
  2. Configuring and Administering Immutable Zones
  3. Immutable Global Zones
  4. Configuring an Immutable Global Zone

Configuring an Immutable Global Zone

To configure an immutable global zone is similar to configuring an immutable non-global zone. The MWAC security policy is set with the zonecfg command, as Setting the MWAC Security Policy describes. After committing the zone configuration, the boot information is written and the boot archive is updated. The global zone becomes immutable immediately. No reboot is necessary.

The following information is specific to immutable global zones:

  • If the global zone uses DHCP to set network interfaces, the flexible-configuration MWAC policy must be selected.

  • The rpool dataset is restricted.

    You can add an unrestricted sub-dataset by using the zonecfg add dataset command. An immutable global zone can only run zones in unrestricted datasets. All the children of an unrestricted dataset are also unrestricted.