Chapter 29
About Branded Zones and the Linux Branded Zone
The branded zones facility in the Solaris Operating System is a simple extension of Solaris Zones. This chapter discusses the branded zones concept and the lx brand, which implements Linux branded zones functionality. Linux branded zones are also known as Solaris Containers for Linux Applications.
Note - Although you can configure and install branded zones on a Trusted Solaris system that has labels enabled, you cannot boot branded zones on this system configuration.
About Using Zones on a Solaris System
See Chapter 16, Introduction to Solaris Zones for general information on the use of zones on a Solaris system.
You should be familiar with the following zones and resource management concepts:
The global zone and the non-global zone, described in How Zones Work.
The global administrator and the zone administrator, described in How Non-Global Zones Are Administered and How Non-Global Zones Are Created.
The zone state model, discussed in Non-Global Zone State Model.
The zone isolation characteristics covered in Non-Global Zone Characteristics.
Privileges, described in Privileges in a Non-Global Zone.
Networking, described in Networking in Non-Global Zones.
The Solaris Container concept, which is the use of resource management features, such as resource pools, with zones. The use and interaction of zones and resource management features are described in Using Resource Management Features With Non-Global Zones, Setting Zone-Wide Resource Controls, Chapter 26, Solaris Zones Administration (Overview), and the individual chapters in Part 1 Resource Management of this manual that document each resource management feature. For example, resource pools are covered in Chapter 12, Resource Pools (Overview) and Chapter 13, Creating and Administering Resource Pools (Tasks).
The fair share scheduler (FSS), a scheduling class that enables you to allocate CPU time based on shares, is covered in Chapter 8, Fair Share Scheduler (Overview) and Chapter 9, Administering the Fair Share Scheduler (Tasks).
The resource capping daemon (rcapd), which can be used from the global zone to control resident set size (RSS) usage of branded zones. The physical property of the zonecfg capped-memory resource sets the max-rss for a zone. This value is enforced by rcapd running in the global zone. For more information, see Chapter 10, Physical Memory Control Using the Resource Capping Daemon (Overview), Chapter 11, Administering the Resource Capping Daemon (Tasks) and the rcapd(1M) man page.
The Glossary provides definitions for terms used with zones and resource management features.
Any additional information required to use branded zones on your system is provided in this part of the guide.
Note - The following chapters in this guide are not applicable to branded zones:
Branded Zones Technology
The branded zone (BrandZ) framework extends the Solaris Zones infrastructure, documented in this manual in Part II, Zones, to include the creation of brands. The term brand can refer to a wide range of operating environments. BrandZ enables the creation of non-global zones that contain non-native operating environments used for running applications. The brand type is used to determine the scripts that are executed when a zone is installed and booted. In addition, a zone's brand is used to properly identify the correct application type at application launch time. All brand management is performed through extensions to the current zones structure.
A brand can provide a simple or a complex environment. For example, a simple environment could replace the standard Solaris utilities with their GNU equivalents. A complex environment could provide a complete Linux user space which supports the execution of Linux applications.
Every zone is configured with an associated brand. The default is the native brand, Solaris. A branded zone will support exactly one brand of non-native binary, which means that a branded zone provides a single operating environment.
BrandZ extends the zones tools in the following ways:
The zonecfg command is used to set a zone's brand type when the zone is configured.
The zoneadm command is used to report a zone's brand type as well as administer the zone.
Note - You can change the brand of a zone in the configured state. Once a branded zone has been installed, that brand cannot be changed or removed.
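Added example (not part of the original guide): a shell sketch that reads the parsable output of zoneadm list -cp and reports each non-global zone's brand, along with whether that brand can still be changed under the rule in the note above. The field order zoneid:zonename:state:zonepath:uuid:brand:ip-type is assumed from zoneadm(1M); the zone names, paths and UUID placeholders are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Assumed parsable format of `zoneadm list -cp` (one zone per line):
#   zoneid:zonename:state:zonepath:uuid:brand:ip-type
# Assumes zonepaths contain no colons, which would shift the fields.

# Constructed sample input, not captured from a real system.
sample_zones() {
cat <<'EOF'
0:global:running:/::native:shared
3:web01:running:/zones/web01:constructed-uuid-1:native:shared
-:lxbuild:installed:/zones/lxbuild:constructed-uuid-2:lx:shared
-:lxtest:configured:/zones/lxtest::lx:shared
EOF
}

# brand_report: read parsable zone lines on stdin and print
#   zonename brand state brand-status
# brand-status is "changeable" only while the zone is still in the
# configured state; once the zone is installed the brand is fixed.
brand_report() {
    awk -F: '
        NF < 6 { next }            # malformed line or no brand field
        $2 == "global" { next }    # report non-global zones only
        {
            status = ($3 == "configured") ? "changeable" : "fixed"
            print $2, $6, $3, status
        }'
}

# non_native_zones: names of zones whose brand is not native.
non_native_zones() {
    brand_report | awk '$2 != "native" { print $1 }'
}

# On a live system: zoneadm list -cp | brand_report
sample_zones | brand_report
```

Running the same report from the global zone gives an inventory of which zones run a non-native operating environment and which brand assignments are already locked in.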
Processes Running in a Branded Zone
Branded zones provide a set of interposition points in the kernel that are only applied to processes executing in a branded zone.
These points are found in such paths as the syscall path, the process loading path, and the thread creation path.
At each of these points, a brand can choose to supplement or replace the standard Solaris behavior.
A brand can also provide a plug-in library for librtld_db. The plug-in library allows Solaris tools such as the debugger, described in mdb(1), and DTrace, described in dtrace(1M), to access the symbol information of processes running inside a branded zone.
Branded Zone Device Support
The devices supported by each zone are documented in the man pages and other documentation for that brand. Device support is defined by the brand. A brand can choose to disallow the addition of any unsupported or unrecognized devices.
Branded Zone File System Support
The file systems required for a branded zone are defined by the brand.
Privileges in a Branded Zone
The privileges available in a branded zone are defined by the brand. For more information about privileges, see Privileges in a Non-Global Zone and Configurable Privileges in an lx Branded Zone.
About the lx Brand
The lx brand uses the branded zones framework to enable Linux binary applications to run unmodified on a machine with a Solaris Operating System kernel.
The machine must have one of the following supported i686 processor types:
Intel
    Pentium Pro
    Pentium II
    Pentium III
    Celeron
    Xeon
    Pentium 4
    Pentium M
    Pentium D
    Pentium Extreme Edition
    Core
    Core 2
AMD
    Opteron
    Athlon XP
    Athlon 64
    Athlon 64 X2
    Athlon FX
    Duron
    Sempron
    Turion 64
    Turion 64 X2