Maintaining an Immutable Global Zone
The most secure method of maintaining the global zone is to use the trusted path. The trusted path is available only on the console, so ensure that the console is accessible through the ILOM, a serial connection, or the graphical console.
After a system is configured to be immutable, configure the console login with the trusted path. For the procedure, see How to Enable Administrative Access to an Immutable Zone From the Console. After you have configured the console login, the root account cannot log in and administer the zone. You must log in as a user who is authorized to use the trusted path. After logging in, you can then assume a role.
When you run the pkg update command in an immutable global zone, the first boot is read-write. The system needs these permissions to perform the required self-assembly steps. When the self-assembly steps have been performed, the system becomes immutable again.