Previous
The zonecfg prompt is of the following form:
zonecfg:zonename> |
When you are configuring a specific resource type, such as a file system, that resource type is also included in the prompt:
zonecfg:zonename:fs> |
For more information, including procedures that show how to use the various zonecfg components described in this chapter, see Chapter 18, Planning and Configuring Non-Global Zones (Tasks).
zonecfg Modes
The concept of a scope is used for the user interface. The scope can be either global or resource specific. The default scope is global.
In the global scope, the add subcommand and the select subcommand are used to select a specific resource. The scope then changes to that resource type.
For the add subcommand, the end or cancel subcommands are used to complete the resource specification.
For the select subcommand, the end or cancel subcommands are used to complete the resource modification.
The scope then reverts back to global.
Certain subcommands, such as add, remove, and set, have different semantics in each scope.
zonecfg Interactive Mode
In interactive mode, the following subcommands are supported. For detailed information about semantics and options used with the subcommands, see the zonecfg(1M) man page for options. For any subcommand that could result in destructive actions or loss of work, the system requests user confirmation before proceeding. You can use the -F (force) option to bypass this confirmation.
help | Print general help, or display help about a given resource.
| |
create | Begin configuring an in-memory configuration for the specified new zone for one of these purposes:
| |
export | Print the configuration to standard output, or to the output file specified, in a form that can be used in a command file. | |
add | In the global scope, add the specified resource type to the configuration. In the resource scope, add a property of the given name with the given value. See How to Configure the Zone and the zonecfg(1M) man page for more information. | |
set | Set a given property name to the given property value. Note that some properties, such as zonepath, are global, while others are resource specific. Thus, this command is applicable in both the global and resource scopes. | |
select | Applicable only in the global scope. Select the resource of the given type that matches the given property name-property value pair criteria for modification. The scope is changed to that resource type. You must specify a sufficient number of property name-value pairs for the resource to be uniquely identified. | |
clear | In the global scope, remove the specified resource type. In a resource scope, clear optional settings. | |
remove | In the global scope, remove the specified resource type. You must specify a sufficient number of property name-value pairs for the resource type to be uniquely identified. If no property name-value pairs are specified, all instances will be removed. If more than one exists, a confirmation is required unless the -F option is used. In the resource scope, remove the specified property name-property value from the current resource. | |
end | Applicable only in the resource scope. End the resource specification. The zonecfg command then verifies that the current resource is fully specified.
| |
cancel | Applicable only in the resource scope. End the resource specification and reset the scope to global. Any partially specified resources are not retained. | |
delete | Destroy the specified configuration. Delete the configuration both from memory and from stable storage. You must use the -F (force) option with delete.
| |
info | Display information about the current configuration or the global resource properties zonepath, autoboot, and pool. If a resource type is specified, display information only about resources of that type. In the resource scope, this subcommand applies only to the resource being added or modified. | |
verify | Verify current configuration for correctness. Ensure that all resources have all of their required properties specified. | |
commit | Commit current configuration from memory to stable storage. Until the in-memory configuration is committed, changes can be removed with the revert subcommand. A configuration must be committed to be used by zoneadm. This operation is attempted automatically when you complete a zonecfg session. Because only a correct configuration can be committed, the commit operation automatically does a verify. | |
revert | Revert configuration back to the last committed state. | |
exit | Exit the zonecfg session. You can use the -F (force) option with exit. A commit is automatically attempted if needed. Note that an EOF character can also be used to exit the session. |
Caution - This action is instantaneous. No commit is required, and a
deleted zone cannot be reverted.zonecfg Command-File Mode
In command-file mode, input is taken from a file. The export subcommand described in zonecfg Interactive Mode is used to produce this file. The configuration can be printed to standard output, or the -f option can be used to specify an output file.
Zone Configuration Data
Zone configuration data consists of two kinds of entities: resources and properties. Each resource has a type, and each resource can also have a set of one or more properties. The properties have names and values. The set of properties is dependent on the resource type.
Resource and Property Types
The resource and property types are described as follows:
zonename | The name of the zone. The following rules apply to zone names:
| ||||||||
zonepath | The zonepath property is the path to the zone root. Each zone has a path to its root directory that is relative to the global zone's root directory. At installation time, the global zone directory is required to have restricted visibility. It must be owned by root with the mode 700. The non-global zone's root path is one level lower. The zone's root directory has the same ownership and permissions as the root directory (/) in the global zone. The zone directory must be owned by root with the mode 755. These directories are created automatically with the correct permissions, and do not need to be verified by the zone administrator. This hierarchy ensures that unprivileged users in the global zone are prevented from traversing a non-global zone's file system.
See Traversing File Systems for a further discussion of this issue. Note - You can move a zone to another location on the same system by specifying a new, full zonepath with the move subcommand of zoneadm. See Moving a Non-Global Zone for instructions. | ||||||||
autoboot | If this property is set to true, the zone is automatically booted when the global zone is booted. Note that if the zones service, svc:/system/zones:default is disabled, the zone will not autoboot, regardless of the setting of this property. You can enable the zones service with the svcadm command described in the svcadm(1M) man page:
| ||||||||
bootargs | This property is used to set a boot argument for the zone. The boot argument is applied unless overridden by the reboot, zoneadm boot, or zoneadm reboot commands. See Zone Boot Arguments. | ||||||||
pool | This property is used to associate the zone with a resource pool on the system. Multiple zones can share the resources of one pool. | ||||||||
limitpriv | This property is used to specify a privilege mask other than the default. See Privileges in a Non-Global Zone. Privileges are added by specifying the privilege name, with or without the leading priv_. Privileges are excluded by preceding the name with a dash (-) or an exclamation mark (!). The privilege values are separated by commas and placed within quotation marks ("). As described in priv_str_to_set(3C), the special privilege sets of none, all, and basic expand to their normal definitions. Because zone configuration takes place from the global zone, the special privilege set zone cannot be used. Because a common use is to alter the default privilege set by adding or removing certain privileges, the special set default maps to the default, set of privileges. When default appears at the beginning of the limitpriv property, it expands to the default set. The following entry adds the ability to set the system clock and removes the ability to send raw Internet Control Message Protocol (ICMP) packets:
If the zone's privilege set contains a disallowed privilege, is missing a required privilege, or includes an unknown privilege, an attempt to verify, ready or boot the zone will fail with an error message. | ||||||||
scheduling-class | This property sets the scheduling class for the zone. See Scheduling Class for additional information and tips. | ||||||||
dedicated-cpu | This resource dedicates a subset of the system's processors to the zone while it is running. The dedicated-cpu resource provides limits for ncpus and, optionally, importance. For more information, seededicated-cpu Resource. | ||||||||
capped-memory | This resource groups the properties used when capping memory for the zone using the resource capping daemon, rcapd. The capped-memory resource provides limits for physical, swap, and locked memory. At least one of these properties must be specified. | ||||||||
dataset | Adding a Zetabyte File System (ZFS) dataset resource enables the delegation of storage administration to a non-global zone. The zone administrator can create and destroy file systems within that dataset, and modify properties of the dataset. The zone administrator cannot affect datasets that have not been added to the zone or exceed any top level quotas set on the dataset assigned to the zone. ZFS datasets can be added to a zone in the following ways.
See Chapter 8, "ZFS Advanced Topics," in Solaris ZFS Administration Guide and File Systems and Non-Global Zones. Also see Chapter 28, Troubleshooting Miscellaneous Solaris Zones Problems for information on dataset issues. | ||||||||
fs | Each zone can have various file systems that are mounted when the zone transitions from the installed state to the ready state. The file system resource specifies the path to the file system mount point. For more information about the use of file systems in zones, see File Systems and Non-Global Zones. | ||||||||
inherit-pkg-dir | This resource should not be configured in a whole root zone. In a sparse root zone, the inherit-pkg-dir resource is used to represent directories that contain packaged software that a non-global zone shares with the global zone. The contents of software packages transferred into the inherit-pkg-dir directory are inherited in read-only mode by the non-global zone. The zone's packaging database is updated to reflect the packages. These resources cannot be modified or removed after the zone has been installed using zoneadm. Note - Four default inherit-pkg-dir resources are included in the configuration. These directory resources indicate which directories should have their associated packages inherited from the global zone. The resources are implemented through a read-only loopback file system mount.
| ||||||||
net | The network interface resource is the virtual interface name. Each zone can have network interfaces that should be plumbed when the zone transitions from the installed state to the ready state. | ||||||||
device | The device resource is the device matching specifier. Each zone can have devices that should be configured when the zone transitions from the installed state to the ready state. | ||||||||
rctl | The rctl resource is used for zone-wide resource controls. The controls are enabled when the zone transitions from the installed state to the ready state. See Setting Zone-Wide Resource Controls for more information. Note - To configure zone-wide controls using the set global_property_name subcommand of zonefig, see How to Configure the Zone. | ||||||||
attr | This generic attribute can be used for user comments or by other subsystems. The name property of an attr must begin with an alphanumeric character. The name property can contain alphanumeric characters, hyphens (-), and periods (.) . Attribute names beginning with zone. are reserved for use by the system. |