Non-Global Zones in Solaris 11.1 (Part – 3)

Continuing from Previous Post ( . In this post explaining the fixed-configuration. In fixed-configuration you will get some privileges of creating the file in some directories in /var/ and totally in /tmp.

Step 1 : Checked the current setting on non-global zone. It is currently in strict configuration.

root@solaris11:~# zoneadm list -p

Step 2 : Changed the file-mac-profile property to fixed-configuration and rebooted the zone to take into effect.

root@solaris11:~# zonecfg -z testzone1 set file-mac-profile=fixed-configuration
root@solaris11:~# zoneadm -z testzone1 reboot

Step 3 : We can see that now it’s reflecting the change in output.

root@solaris11:~# zoneadm list -p

Step 4 : Now starting with verification part. In fixed configuration we can create the files in /var and /tmp file system except configuration directories present in /var/ file system.

Lets try to create file in /opt file system. We will not be able to do that.

root@testzone1:/var# cd /opt/

root@testzone1:/opt# touch file1
touch: cannot create file1: Read-only file system

In fixed-configuration we can create the files in /var and /tmp file system except configuration directories present in /var/ file system.

root@testzone1:~# cd /var/

root@testzone1:/var# touch file1

root@testzone1:/opt# touch /tmp/file2

Lets try in configuration directory we are not able to do that.

root@testzone1:/opt# touch /var/ld/file1
touch: cannot create /var/ld/file1: Read-only file system

If we are going to disable the service in zone it will not persist across reboots. Service is coming up after reboot.

root@testzone1:/opt# svcs -a | grep -i ssh

online 15:56:53 svc:/network/ssh:default

root@testzone1:/opt# svcadm disable ssh

root@testzone1:/opt# svcs -a | grep -i ssh
disabled 16:06:33 svc:/network/ssh:default

root@solaris11:~# zoneadm -z testzone1 reboot

root@solaris11:~# zlogin testzone1
[Connected to zone ‘testzone1’ pts/2]
Oracle Corporation SunOS 5.11 11.1 September 2012

root@testzone1:~# svcs -a | grep -i ssh
online 16:07:15 svc:/network/ssh:default




