Non-Global Zones in Solaris 11.1 (Part 2)

Continuing from the previous post (https://ervikrant06.wordpress.com/2014/06/14/non-global-zones-in-solaris-11-1-part-1/), this part covers the strict type of non-global zone.

Step 1: Verify the current state of the zone by issuing the command below.

root@solaris11:~# zoneadm list -p
0:global:running:/::solaris:shared:-:none
2:testzone1:running:/zones/testzone1:69260524-71af-4ca8-e2e1-eb22949f3f10:solari

Step 2: Set the file-mac-profile property to strict to change the state of the zone. After changing the property I checked whether the change is reflected in the status output; it is not, because the zone has not been rebooted yet.

root@solaris11:~# zonecfg -z testzone1 set file-mac-profile=strict

root@solaris11:~# zoneadm list -p
0:global:running:/::solaris:shared:-:none
2:testzone1:running:/zones/testzone1:69260524-71af-4ca8-e2e1-eb22949f3f10:solaris:excl:-:

Step 3: Reboot the non-global zone. Now you can see the change in the output of "zoneadm list -p". Compare the output with Step 1 and Step 2.

root@solaris11:~# zoneadm -z testzone1 reboot

root@solaris11:~# zoneadm list -p
0:global:running:/::solaris:shared:-:none
3:testzone1:running:/zones/testzone1:69260524-71af-4ca8-e2e1-eb22949f3f10:solaris:excl:R:strict

Step 4: Time for verification. Log in to the zone. I tried to touch files in the file system but was not able to, which is expected.

root@solaris11:~# zlogin testzone1
[Connected to zone 'testzone1' pts/2]
Oracle Corporation SunOS 5.11 11.1 September 2012

root@testzone1:~# cd /var/tmp/

root@testzone1:/var/tmp# touch file1
touch: cannot create file1: Read-only file system

root@testzone1:/var/tmp# cd /
root@testzone1:/# touch file1
touch: cannot create file1: Read-only file system

  • Suppose I have a strict zone on the server and want to make some modifications inside it. Instead of changing the file-mac-profile property, we can boot the zone into write mode once.

root@solaris11:~# zoneadm -z testzone1 reboot -w

Notice the difference here in comparison to output of Step 3.

root@solaris11:~# zoneadm list -p
0:global:running:/::solaris:shared:-:none
4:testzone1:running:/zones/testzone1:69260524-71af-4ca8-e2e1-eb22949f3f10:solaris:excl:W:strict

Now I am able to create files in the zone.

[Connected to zone 'testzone1' pts/2]
Oracle Corporation SunOS 5.11 11.1 September 2012
root@testzone1:~# touch file1
root@testzone1:~# cd /var/tmp/
root@testzone1:/var/tmp# touch file1
root@testzone1:/var/tmp#

Note that the file-mac-profile setting remains the same, because this is only a temporary change.

root@solaris11:~# zonecfg -z testzone1 info
zonename: testzone1
zonepath: /zones/testzone1
brand: solaris
autoboot: false
bootargs:
file-mac-profile: strict

After rebooting again, the zone comes back to the same state as in Step 3.

root@solaris11:~# zoneadm -z testzone1 reboot

root@solaris11:~# zoneadm list -p
0:global:running:/::solaris:shared:-:none
5:testzone1:running:/zones/testzone1:69260524-71af-4ca8-e2e1-eb22949f3f10:solaris:excl:R:strict
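
The last two fields of "zoneadm list -p" changed at each step above (empty after zonecfg, R:strict after reboot, W:strict after reboot -w), so they can be checked by a script. The following is an added example, not part of the original post: the function name, status labels, and sample zone names and UUIDs are made up, and it assumes zonepaths contain no ':' characters.

```sh
#!/bin/sh
# Added example, not from the original post.
# Classifies zones from `zoneadm list -p` output using the last two fields
# seen above: field 8 (R/W flag) and field 9 (file-mac-profile).
# Assumption: zonepaths contain no ':' characters.

classify_zones() {
    # stdin: parseable zoneadm lines; stdout: "<zone> <status>" per zone
    awk -F: '
        $2 == "global"  { next }                      # skip the global zone
        $3 != "running" { print $2, "NOT_RUNNING"; next }
        {
            rw = $8; profile = $9
            if (rw == "R" && profile != "" && profile != "none")
                status = "ENFORCED(" profile ")"      # read-only root is active
            else if (rw == "W")
                status = "WRITABLE_BOOT(" profile ")" # booted with reboot -w
            else
                status = "NOT_ENFORCED"               # unset, or set but not rebooted
            print $2, status
        }'
}

# Constructed sample modelled on the outputs in this post (zone names and
# UUIDs are made up).
sample_lines() {
    cat <<'EOF'
0:global:running:/::solaris:shared:-:none
1:web1:running:/zones/web1:00000000-0000-0000-0000-000000000001:solaris:excl:R:strict
2:db1:running:/zones/db1:00000000-0000-0000-0000-000000000002:solaris:excl:W:strict
3:app1:running:/zones/app1:00000000-0000-0000-0000-000000000003:solaris:excl:-:
EOF
}

# Demo on the sample; on a global zone use: zoneadm list -p | classify_zones
sample_lines | classify_zones
```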
